samba: update to 4.8.11

* This includes security fixes that adresses the following defects: CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) CVE-2019-3880 (Save registry file outside share as unprivileged user) * Upstreamed patch removed: 0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch * Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos see https://bugzilla.samba.org/show_bug.cgi?id=13678 Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Johannes Pointner <johannes.pointner@br-automation.com> 2019-05-08 09:31:19 +0200
committer: Armin Kuster <akuster808@gmail.com> 2019-05-23 07:03:43 -0700
commit: 72506457f01fc03d883f79ff871a698eabf01e9e (patch)
tree: d125e67f2f57e279369e31e95d3c680b4234c1e1
parent: 752d14e05dbe6b6d3f406ad79396da4af08c2d81 (diff)
download: meta-openembedded-72506457f01fc03d883f79ff871a698eabf01e9e.tar.gz
2 files changed, 3 insertions, 90 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch b/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
deleted file mode 100644
index 4c94831d7..000000000
--- a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 0bc8bc4143a58f91f6d7ce228b6763f377fdf45a Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Thu, 12 Jul 2018 12:34:56 +1200
-Subject: [PATCH] ldb: Refuse to build Samba against a newer minor version of
- ldb
-Samba is not compatible with new versions of ldb (except release versions)
-Other users would not notice the breakages, but Samba makes many
-more assuptions about the LDB internals than any other package.
-(Specifically, LDB 1.2 and 1.4 broke builds against released
-Samba versions)
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
---
- lib/ldb/wscript | 32 ++++++++++++++++++++++----------
- 1 file changed, 22 insertions(+), 10 deletions(-)
-diff --git a/lib/ldb/wscript b/lib/ldb/wscript
-index d94086b..2bb0832 100644
--- a/lib/ldb/wscript
-+++ b/lib/ldb/wscript
-@@ -62,23 +62,33 @@ def configure(conf):
-     conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
- 
-     if not conf.env.standalone_ldb:
-+        max_ldb_version = [int(x) for x in VERSION.split(".")]
-+        max_ldb_version[2] = 999
-+        max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
-+
-         if conf.env.disable_python:
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
-                                         onlyif='talloc tdb tevent',
-                                         implied_deps='replace talloc tdb tevent'):
-+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
-+                                             minversion=VERSION,
-+                                             maxversion=max_ldb_version_dots,
-+                                             onlyif='talloc tdb tevent',
-+                                             implied_deps='replace talloc tdb tevent'):
-                 conf.define('USING_SYSTEM_LDB', 1)
-         else:
-             using_system_pyldb_util = True
-            if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
-                                             onlyif='talloc tdb tevent',
-                                             implied_deps='replace talloc tdb tevent ldb'):
-+            if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
-+                                                 minversion=VERSION,
-+                                                 maxversion=max_ldb_version_dots,
-+                                                 onlyif='talloc tdb tevent',
-+                                                 implied_deps='replace talloc tdb tevent ldb'):
-                 using_system_pyldb_util = False
- 
-             # We need to get a pyldb-util for all the python versions
-             # we are building for
-             if conf.env['EXTRA_PYTHON']:
-                 name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
-                if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
-+                if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
-+                                                     minversion=VERSION,
-+                                                     maxversion=max_ldb_version_dots,
-                                                      onlyif='talloc tdb tevent',
-                                                      implied_deps='replace talloc tdb tevent ldb'):
-                     using_system_pyldb_util = False
-@@ -86,9 +96,11 @@ def configure(conf):
-             if using_system_pyldb_util:
-                 conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
- 
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
-                                         onlyif='talloc tdb tevent pyldb-util',
-                                         implied_deps='replace talloc tdb tevent'):
-+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
-+                                             minversion=VERSION,
-+                                             maxversion=max_ldb_version_dots,
-+                                             onlyif='talloc tdb tevent pyldb-util',
-+                                             implied_deps='replace talloc tdb tevent'):
-                 conf.define('USING_SYSTEM_LDB', 1)
- 
-     if conf.CONFIG_SET('USING_SYSTEM_LDB'):
-- 
-2.18.0
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
index 2a785bd89..8b29d9bad 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -23,7 +23,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
           file://dnsserver-4.7.0.patch \
           file://smb_conf-4.7.0.patch \
           file://volatiles.03_samba \
-           file://0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch \
           "
 SRC_URI_append_libc-musl = " \
           file://samba-pam.patch \
@@ -31,8 +30,8 @@ SRC_URI_append_libc-musl = " \
           file://cmocka-uintptr_t.patch \
          "
-SRC_URI[md5sum] = "ca5bfbebd8d9eb95506e16594b2bbee2"
+SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
-SRC_URI[sha256sum] = "f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406"
+SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
 UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
@@ -92,7 +91,7 @@ PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
 # We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
 # krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
 #
-PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
+PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
 PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
 PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
author	Johannes Pointner <johannes.pointner@br-automation.com>	2019-05-08 09:31:19 +0200
committer	Armin Kuster <akuster808@gmail.com>	2019-05-23 07:03:43 -0700
commit	72506457f01fc03d883f79ff871a698eabf01e9e (patch)
tree	d125e67f2f57e279369e31e95d3c680b4234c1e1
parent	752d14e05dbe6b6d3f406ad79396da4af08c2d81 (diff)
download	meta-openembedded-72506457f01fc03d883f79ff871a698eabf01e9e.tar.gz

diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch b/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch deleted file mode 100644 index 4c94831d7..000000000 --- a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch +++ /dev/null
@@ -1,86 +0,0 @@
1	From 0bc8bc4143a58f91f6d7ce228b6763f377fdf45a Mon Sep 17 00:00:00 2001
2	From: Andrew Bartlett <abartlet@samba.org>
3	Date: Thu, 12 Jul 2018 12:34:56 +1200
4	Subject: [PATCH] ldb: Refuse to build Samba against a newer minor version of
5	ldb
6
7	Samba is not compatible with new versions of ldb (except release versions)
8
9	Other users would not notice the breakages, but Samba makes many
10	more assuptions about the LDB internals than any other package.
11
12	(Specifically, LDB 1.2 and 1.4 broke builds against released
13	Samba versions)
14
15	BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
16
17	Signed-off-by: Andrew Bartlett <abartlet@samba.org>
18	Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
19	(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
20	---
21	lib/ldb/wscript \| 32 ++++++++++++++++++++++----------
22	1 file changed, 22 insertions(+), 10 deletions(-)
23
24	diff --git a/lib/ldb/wscript b/lib/ldb/wscript
25	index d94086b..2bb0832 100644
26	--- a/lib/ldb/wscript
27	+++ b/lib/ldb/wscript
28	@@ -62,23 +62,33 @@ def configure(conf):
29	conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
30
31	if not conf.env.standalone_ldb:
32	+ max_ldb_version = [int(x) for x in VERSION.split(".")]
33	+ max_ldb_version[2] = 999
34	+ max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
35	+
36	if conf.env.disable_python:
37	- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
38	- onlyif='talloc tdb tevent',
39	- implied_deps='replace talloc tdb tevent'):
40	+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
41	+ minversion=VERSION,
42	+ maxversion=max_ldb_version_dots,
43	+ onlyif='talloc tdb tevent',
44	+ implied_deps='replace talloc tdb tevent'):
45	conf.define('USING_SYSTEM_LDB', 1)
46	else:
47	using_system_pyldb_util = True
48	- if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
49	- onlyif='talloc tdb tevent',
50	- implied_deps='replace talloc tdb tevent ldb'):
51	+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
52	+ minversion=VERSION,
53	+ maxversion=max_ldb_version_dots,
54	+ onlyif='talloc tdb tevent',
55	+ implied_deps='replace talloc tdb tevent ldb'):
56	using_system_pyldb_util = False
57
58	# We need to get a pyldb-util for all the python versions
59	# we are building for
60	if conf.env['EXTRA_PYTHON']:
61	name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
62	- if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
63	+ if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
64	+ minversion=VERSION,
65	+ maxversion=max_ldb_version_dots,
66	onlyif='talloc tdb tevent',
67	implied_deps='replace talloc tdb tevent ldb'):
68	using_system_pyldb_util = False
69	@@ -86,9 +96,11 @@ def configure(conf):
70	if using_system_pyldb_util:
71	conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
72
73	- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
74	- onlyif='talloc tdb tevent pyldb-util',
75	- implied_deps='replace talloc tdb tevent'):
76	+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
77	+ minversion=VERSION,
78	+ maxversion=max_ldb_version_dots,
79	+ onlyif='talloc tdb tevent pyldb-util',
80	+ implied_deps='replace talloc tdb tevent'):
81	conf.define('USING_SYSTEM_LDB', 1)
82
83	if conf.CONFIG_SET('USING_SYSTEM_LDB'):
84	--
85	2.18.0
86


diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb index 2a785bd89..8b29d9bad 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -23,7 +23,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
23	file://dnsserver-4.7.0.patch \	23	file://dnsserver-4.7.0.patch \
24	file://smb_conf-4.7.0.patch \	24	file://smb_conf-4.7.0.patch \
25	file://volatiles.03_samba \	25	file://volatiles.03_samba \
26	file://0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch \
27	"	26	"
28	SRC_URI_append_libc-musl = " \	27	SRC_URI_append_libc-musl = " \
29	file://samba-pam.patch \	28	file://samba-pam.patch \
@@ -31,8 +30,8 @@ SRC_URI_append_libc-musl = " \
31	file://cmocka-uintptr_t.patch \	30	file://cmocka-uintptr_t.patch \
32	"	31	"
33		32
34	SRC_URI[md5sum] = "ca5bfbebd8d9eb95506e16594b2bbee2"	33	SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
35	SRC_URI[sha256sum] = "f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406"	34	SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
36		35
37	UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"	36	UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
38		37
@@ -92,7 +91,7 @@ PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
92	# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where	91	# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
93	# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.	92	# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
94	#	93	#
95	PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"	94	PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
96	PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"	95	PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
97	PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"	96	PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
98		97