samba: update to 4.8.11

* This includes security fixes that adresses the following defects: CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) CVE-2019-3880 (Save registry file outside share as unprivileged user) * Upstreamed patch removed: 0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch * Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos see https://bugzilla.samba.org/show_bug.cgi?id=13678 Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Johannes Pointner <johannes.pointner@br-automation.com> 2019-05-08 09:31:19 +0200
committer: Khem Raj <raj.khem@gmail.com> 2019-05-09 20:34:33 -0700
commit: 11e7ffc442ddca6536c23edc5831e8137f519a0c (patch)
tree: be53ba4d0e9c31adffdcd563ffa8dae3f757cc97 /meta-networking
parent: 7edaba2496d6132fa6b74a7940bb9a4b4c8a4dfb (diff)
download: meta-openembedded-11e7ffc442ddca6536c23edc5831e8137f519a0c.tar.gz
2 files changed, 3 insertions, 90 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch b/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
deleted file mode 100644
index 4c94831d7..000000000
--- a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 0bc8bc4143a58f91f6d7ce228b6763f377fdf45a Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet@samba.org>
-Date: Thu, 12 Jul 2018 12:34:56 +1200
-Subject: [PATCH] ldb: Refuse to build Samba against a newer minor version of
- ldb
-Samba is not compatible with new versions of ldb (except release versions)
-Other users would not notice the breakages, but Samba makes many
-more assuptions about the LDB internals than any other package.
-(Specifically, LDB 1.2 and 1.4 broke builds against released
-Samba versions)
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
-Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
---
- lib/ldb/wscript | 32 ++++++++++++++++++++++----------
- 1 file changed, 22 insertions(+), 10 deletions(-)
-diff --git a/lib/ldb/wscript b/lib/ldb/wscript
-index d94086b..2bb0832 100644
--- a/lib/ldb/wscript
-+++ b/lib/ldb/wscript
-@@ -62,23 +62,33 @@ def configure(conf):
-     conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
- 
-     if not conf.env.standalone_ldb:
-+        max_ldb_version = [int(x) for x in VERSION.split(".")]
-+        max_ldb_version[2] = 999
-+        max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
-+
-         if conf.env.disable_python:
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
-                                         onlyif='talloc tdb tevent',
-                                         implied_deps='replace talloc tdb tevent'):
-+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
-+                                             minversion=VERSION,
-+                                             maxversion=max_ldb_version_dots,
-+                                             onlyif='talloc tdb tevent',
-+                                             implied_deps='replace talloc tdb tevent'):
-                 conf.define('USING_SYSTEM_LDB', 1)
-         else:
-             using_system_pyldb_util = True
-            if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
-                                             onlyif='talloc tdb tevent',
-                                             implied_deps='replace talloc tdb tevent ldb'):
-+            if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
-+                                                 minversion=VERSION,
-+                                                 maxversion=max_ldb_version_dots,
-+                                                 onlyif='talloc tdb tevent',
-+                                                 implied_deps='replace talloc tdb tevent ldb'):
-                 using_system_pyldb_util = False
- 
-             # We need to get a pyldb-util for all the python versions
-             # we are building for
-             if conf.env['EXTRA_PYTHON']:
-                 name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
-                if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
-+                if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
-+                                                     minversion=VERSION,
-+                                                     maxversion=max_ldb_version_dots,
-                                                      onlyif='talloc tdb tevent',
-                                                      implied_deps='replace talloc tdb tevent ldb'):
-                     using_system_pyldb_util = False
-@@ -86,9 +96,11 @@ def configure(conf):
-             if using_system_pyldb_util:
-                 conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
- 
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
-                                         onlyif='talloc tdb tevent pyldb-util',
-                                         implied_deps='replace talloc tdb tevent'):
-+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
-+                                             minversion=VERSION,
-+                                             maxversion=max_ldb_version_dots,
-+                                             onlyif='talloc tdb tevent pyldb-util',
-+                                             implied_deps='replace talloc tdb tevent'):
-                 conf.define('USING_SYSTEM_LDB', 1)
- 
-     if conf.CONFIG_SET('USING_SYSTEM_LDB'):
-- 
-2.18.0
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
index c3a94f204..8c08d1ed3 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -23,7 +23,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
           file://dnsserver-4.7.0.patch \
           file://smb_conf-4.7.0.patch \
           file://volatiles.03_samba \
-           file://0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch \
           "
 SRC_URI_append_libc-musl = " \
           file://samba-pam.patch \
@@ -31,8 +30,8 @@ SRC_URI_append_libc-musl = " \
           file://cmocka-uintptr_t.patch \
          "
-SRC_URI[md5sum] = "ca5bfbebd8d9eb95506e16594b2bbee2"
+SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
-SRC_URI[sha256sum] = "f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406"
+SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
 UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
@@ -93,7 +92,7 @@ PACKAGECONFIG[libunwind] = ", , libunwind"
 # We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
 # krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
 #
-PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
+PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
 PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
 PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
author	Johannes Pointner <johannes.pointner@br-automation.com>	2019-05-08 09:31:19 +0200
committer	Khem Raj <raj.khem@gmail.com>	2019-05-09 20:34:33 -0700
commit	11e7ffc442ddca6536c23edc5831e8137f519a0c (patch)
tree	be53ba4d0e9c31adffdcd563ffa8dae3f757cc97 /meta-networking
parent	7edaba2496d6132fa6b74a7940bb9a4b4c8a4dfb (diff)
download	meta-openembedded-11e7ffc442ddca6536c23edc5831e8137f519a0c.tar.gz

diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch b/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch deleted file mode 100644 index 4c94831d7..000000000 --- a/meta-networking/recipes-connectivity/samba/samba/0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch +++ /dev/null
@@ -1,86 +0,0 @@
1	From 0bc8bc4143a58f91f6d7ce228b6763f377fdf45a Mon Sep 17 00:00:00 2001
2	From: Andrew Bartlett <abartlet@samba.org>
3	Date: Thu, 12 Jul 2018 12:34:56 +1200
4	Subject: [PATCH] ldb: Refuse to build Samba against a newer minor version of
5	ldb
6
7	Samba is not compatible with new versions of ldb (except release versions)
8
9	Other users would not notice the breakages, but Samba makes many
10	more assuptions about the LDB internals than any other package.
11
12	(Specifically, LDB 1.2 and 1.4 broke builds against released
13	Samba versions)
14
15	BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
16
17	Signed-off-by: Andrew Bartlett <abartlet@samba.org>
18	Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
19	(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
20	---
21	lib/ldb/wscript \| 32 ++++++++++++++++++++++----------
22	1 file changed, 22 insertions(+), 10 deletions(-)
23
24	diff --git a/lib/ldb/wscript b/lib/ldb/wscript
25	index d94086b..2bb0832 100644
26	--- a/lib/ldb/wscript
27	+++ b/lib/ldb/wscript
28	@@ -62,23 +62,33 @@ def configure(conf):
29	conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
30
31	if not conf.env.standalone_ldb:
32	+ max_ldb_version = [int(x) for x in VERSION.split(".")]
33	+ max_ldb_version[2] = 999
34	+ max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
35	+
36	if conf.env.disable_python:
37	- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
38	- onlyif='talloc tdb tevent',
39	- implied_deps='replace talloc tdb tevent'):
40	+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
41	+ minversion=VERSION,
42	+ maxversion=max_ldb_version_dots,
43	+ onlyif='talloc tdb tevent',
44	+ implied_deps='replace talloc tdb tevent'):
45	conf.define('USING_SYSTEM_LDB', 1)
46	else:
47	using_system_pyldb_util = True
48	- if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
49	- onlyif='talloc tdb tevent',
50	- implied_deps='replace talloc tdb tevent ldb'):
51	+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
52	+ minversion=VERSION,
53	+ maxversion=max_ldb_version_dots,
54	+ onlyif='talloc tdb tevent',
55	+ implied_deps='replace talloc tdb tevent ldb'):
56	using_system_pyldb_util = False
57
58	# We need to get a pyldb-util for all the python versions
59	# we are building for
60	if conf.env['EXTRA_PYTHON']:
61	name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
62	- if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
63	+ if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
64	+ minversion=VERSION,
65	+ maxversion=max_ldb_version_dots,
66	onlyif='talloc tdb tevent',
67	implied_deps='replace talloc tdb tevent ldb'):
68	using_system_pyldb_util = False
69	@@ -86,9 +96,11 @@ def configure(conf):
70	if using_system_pyldb_util:
71	conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
72
73	- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
74	- onlyif='talloc tdb tevent pyldb-util',
75	- implied_deps='replace talloc tdb tevent'):
76	+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
77	+ minversion=VERSION,
78	+ maxversion=max_ldb_version_dots,
79	+ onlyif='talloc tdb tevent pyldb-util',
80	+ implied_deps='replace talloc tdb tevent'):
81	conf.define('USING_SYSTEM_LDB', 1)
82
83	if conf.CONFIG_SET('USING_SYSTEM_LDB'):
84	--
85	2.18.0
86


diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb index c3a94f204..8c08d1ed3 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.8.4.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -23,7 +23,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
23	file://dnsserver-4.7.0.patch \	23	file://dnsserver-4.7.0.patch \
24	file://smb_conf-4.7.0.patch \	24	file://smb_conf-4.7.0.patch \
25	file://volatiles.03_samba \	25	file://volatiles.03_samba \
26	file://0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch \
27	"	26	"
28	SRC_URI_append_libc-musl = " \	27	SRC_URI_append_libc-musl = " \
29	file://samba-pam.patch \	28	file://samba-pam.patch \
@@ -31,8 +30,8 @@ SRC_URI_append_libc-musl = " \
31	file://cmocka-uintptr_t.patch \	30	file://cmocka-uintptr_t.patch \
32	"	31	"
33		32
34	SRC_URI[md5sum] = "ca5bfbebd8d9eb95506e16594b2bbee2"	33	SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
35	SRC_URI[sha256sum] = "f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406"	34	SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
36		35
37	UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"	36	UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
38		37
@@ -93,7 +92,7 @@ PACKAGECONFIG[libunwind] = ", , libunwind"
93	# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where	92	# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
94	# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.	93	# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
95	#	94	#
96	PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"	95	PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
97	PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"	96	PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
98	PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"	97	PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
99		98