| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This includes security fixes that adresses the following defects:
CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
CVE-2019-3880 (Save registry file outside share as unprivileged user)
* Upstreamed patch removed:
0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
* Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos
see https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we can install smbclient without samba package e.g for gvfs there are
complains:
| gvsd: mkdir failed on directory /var/lib/samba: Permission denied
and browsing Windows network does not work anymore
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise bundled libraries find their way into samba
-> that causes several packages to rdepend on samba package
-> samba package rdepends on samba-base (and others) installing daemons
smbd & nmbd autostarted by default. This is unwanted / not necessary:
* NetBIOS (nmbd) can cause a security problems
* slow boot: times reported by systemd-analyse reduced from ~16s -> ~8s
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).
Search & replace made using the following command:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
-i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
| cut -d':' -f1 \
| sort -u)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is the same issue as for libldb, the header has conflicting defs
for unitptr_t. Fix it as done for the other recipe.
Fix
/cmocka/cmocka.h:126:28: error: conflicting types for 'uintptr_t'
typedef unsigned int uintptr_t;
^~~~~~~~~
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
CVE-2018-1139 (Weak authentication protocol allowed.)
CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.)
CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
| |
LDB 1.4.0 breaks Samba < 4.9 therefore use internal version
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Since those modules are dynamically split into sub-packages, they need
a regexp added to PACKAGES_DYNAMIC in order for the samba recipe to
RPROVIDE those packages. Without that, those packages are only known as
RRECOMMENDS for samba-base, which can be an issue when building an image
with NO_RECOMMENDATIONS = "1".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An error in the Samba installation occurs with distros LSB:
install: cannot stat 'packaging/LSB/samba.sh': No such
file or directory
exit 1 from 'install -m 0755 packaging/LSB/samba.sh
LSB packaging directory was removed in Samba 4.7:
commit 0a23cde8efea06f81c6d34227b71dab627cc87b9
Author: Andreas Schneider <asn@samba.org>
Date: Tue May 9 15:48:09 2017 +0200
packaging: Remove LSB packaging
This hasn't been touched since 2001.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This patch removes the conditional 'if' and uses always
compatible sysv script.
Signed-off-by: Pablo Saavedra <psaavedra@igalia.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
| |
For 16-do-not-check-xsltproc-manpages.patch devtool created a heavy monster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes security fixes that adresses the following defects:
CVE-2018-1050 (Denial of Service Attack on external print server.)
CVE-2018-1057 (Authenticated users can change other users' password.)
* Detail release note:
- https://www.samba.org/samba/history/samba-4.7.6.html
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes security fixes that adresses the following defects:
CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when
talloc buffer is grown.
* Detail release note:
- https://www.samba.org/samba/history/samba-4.7.5.html
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
| |
last update left the musl builds broken since the
patch was not forward ported
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
Add packagegroup for samba, for there are too many rpms in samba and it's hard to manage.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
| |
smbnetfs: require pam in DISTRO_FEATURES
* there is explicit dependency on libpam without respecting pam in DISTRO_FEATURES
so add the check to prevent people building it against broken libpam
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
ad-dc code is built and krb5 is used. If booting using systemd,
'nmb' and 'smb' are started. 'samba' is not.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
this slipped in. it should not have been merged to master
This reverts commit 9245c2a7ec30ba5df6826acd91d7a76d7f51d017.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* samba-tool requires the python modules from samba-python
or it fails with:
Traceback (most recent call last):
File "/usr/bin/samba-tool", line 33, in <module>
from samba.netcmd.main import cmd_sambatool
ImportError: No module named samba.netcmd.main
* Provisioning with samba-tool requires samba-dsdb-modules
or it fails with:
Setting up secrets.ldb
ldb: unable to stat module /usr/lib64/samba/ldb : No such file or directory
WARNING: Module [samba_secrets] not found - do you need to set LDB_MODULES_PATH?
Unable to load modules for /var/lib/samba/private/secrets.ldb: (null)
ERROR(ldb): uncaught exception - None
* samba-python requires pytalloc and python-tdb or it fails with:
TypeError: pytalloc: unable to get talloc.BaseObject type
ERROR(<type 'exceptions.ImportError'>): uncaught exception - No module named tdb
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
Upgrade samba from 4.6.5 to 4.6.7 to fix CVE-2017-11103.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes a security fix that adresses the following defect:
CVE-2017-7494 (Remote code execution from a writable share)
* Detail release note:
- https://www.samba.org/samba/history/samba-4.6.5.html
* Remove 00-fix-typos-in-man-pages.patch which has been fixed
upstream a long time ago
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
Use the same permissions for sudoers.d as in the sudo package.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the tevent_internal.h file to the same version
as the current OpenEmbedded recipe version, otherwise
nmbd will segfault immediately at start, and strange
crashes occurs with smbd. Samba uses this internal
libtevent header file, and it is crucial to match
this file to the external libtevent.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
| |
This reverts commit cd366899ed6f0f07d643fd4e54c1ccb91540fc23.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
| |
Since Samba uses libtevent-internal.h in some places, it is
incompatible with external libtevent versions if they're not
the same as the built-in, and just crashes.
Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
| |
Waf doesn't handle -l. Use a function already provided by waf.bbclass
in OE-Core. Inheriting waf.bbclass also makes overriding DISABLE_STATIC
redundant, so drop it from recipes inheriting waf-samba.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
| sed: can't read .../4.4.5-r0/image/usr/bin/onnode: No such file or directory
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
in samba-common
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
Inspired by Debian.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
| |
It's quite hard to track library dependencies manually between
releases. Splitting libraries into their own packages creates
some overhead but effectively uses less storage in minimal
installations.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
Fixes hybrid systemd/sysvinit setups.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
This gets masked automatically by samba.service if systemd is running.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
This includes samba.service, which other major distributions install, too.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
| |
EXTRA_OECONF includes --with-pammodulesdir=${base_libdir}/security
when pam is enabled.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
| |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
systemd.bbclass takes care of deleting unused startup scripts.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
There's no need to create multiple packages.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
| |
If no network connection appears within DefaultTimeoutStartSec
(~ 90s) after startup, nmbd fails to notify systemd and will
therefore get killed.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the hardcoded path with base_bindir in init
script to fix the error:
/etc/init.d/samba.sh: line 15: /usr/bin/ps: No such file or directory
/etc/init.d/samba.sh: line 17: /usr/bin/sed: No such file or directory
/etc/init.d/samba.sh: line 16: /usr/bin/grep: No such file or directory
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|