CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-04 16:10:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

samba: update to 4.8.11

Browse Source 
* This includes security fixes that adresses the following defects:
CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
CVE-2019-3880 (Save registry file outside share as unprivileged user)

* Upstreamed patch removed:
0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch

* Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos
see https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Johannes Pointner 2019-05-08 09:31:19 +02:00 committed by Khem Raj
parent 7edaba2496
commit 11e7ffc442
2 changed files with 3 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
View File

@ -1,86 +0,0 @@
From 0bc8bc4143a58f91f6d7ce228b6763f377fdf45a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 12 Jul 2018 12:34:56 +1200
Subject: [PATCH] ldb: Refuse to build Samba against a newer minor version of
ldb
Samba is not compatible with new versions of ldb (except release versions)
Other users would not notice the breakages, but Samba makes many
more assuptions about the LDB internals than any other package.
(Specifically, LDB 1.2 and 1.4 broke builds against released
Samba versions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
---
lib/ldb/wscript | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index d94086b..2bb0832 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -62,23 +62,33 @@ def configure(conf):
conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
if not conf.env.standalone_ldb:
+ max_ldb_version = [int(x) for x in VERSION.split(".")]
+ max_ldb_version[2] = 999
+ max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
+
if conf.env.disable_python:
- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
- onlyif='talloc tdb tevent',
- implied_deps='replace talloc tdb tevent'):
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent',
+ implied_deps='replace talloc tdb tevent'):
conf.define('USING_SYSTEM_LDB', 1)
else:
using_system_pyldb_util = True
- if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
- onlyif='talloc tdb tevent',
- implied_deps='replace talloc tdb tevent ldb'):
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent',
+ implied_deps='replace talloc tdb tevent ldb'):
using_system_pyldb_util = False
# We need to get a pyldb-util for all the python versions
# we are building for
if conf.env['EXTRA_PYTHON']:
name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
- if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
onlyif='talloc tdb tevent',
implied_deps='replace talloc tdb tevent ldb'):
using_system_pyldb_util = False
@@ -86,9 +96,11 @@ def configure(conf):
if using_system_pyldb_util:
conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
- onlyif='talloc tdb tevent pyldb-util',
- implied_deps='replace talloc tdb tevent'):
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent pyldb-util',
+ implied_deps='replace talloc tdb tevent'):
conf.define('USING_SYSTEM_LDB', 1)
if conf.CONFIG_SET('USING_SYSTEM_LDB'):
--
2.18.0

7
meta-networking/recipes-connectivity/samba/samba_4.8.4.bb → meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
View File

@ -23,7 +23,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
file://dnsserver-4.7.0.patch \
file://smb_conf-4.7.0.patch \
file://volatiles.03_samba \
file://0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch \
"
SRC_URI_append_libc-musl = " \
file://samba-pam.patch \
@ -31,8 +30,8 @@ SRC_URI_append_libc-musl = " \
file://cmocka-uintptr_t.patch \
"
SRC_URI[md5sum] = "ca5bfbebd8d9eb95506e16594b2bbee2"
SRC_URI[sha256sum] = "f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406"
SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
@ -93,7 +92,7 @@ PACKAGECONFIG[libunwind] = ", , libunwind"
# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
#
PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"