samba: upgrade 4.10.18 -> 4.14.4

The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning Upgrade to latest 4.14.x. Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory requirement for samba. See: https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory Refresh patches: 16-do-not-check-xsltproc-manpages.patch 20-do-not-import-target-module-while-cross-compile.patch 21-add-config-option-without-valgrind.patch 0001-Add-options-to-configure-the-use-of-libbsd.patch dnsserver-4.7.0.patch iconv-4.7.0.patch 0001-samba-fix-musl-lib-without-innetgr.patch Drop patches: 0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch 0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch 0001-waf-add-support-of-cross_compile.patch 0002-util_sec.c-Move-__thread-variable-to-global-scope.patch CVE-2020-14318.patch CVE-2020-14383.patch glibc_only.patch smb_conf-4.7.0.patch Add new patches: 0007-wscript_configure_system_gnutls-disable-check-gnutls.patch 0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch source3-wscript-disable-check-fcntl-RW_HINTS.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-06-05 14:59:55 +00:00 · 2021-06-05 21:48:16 +08:00
parent 861c0955dd
commit dd422c5467
19 changed files with 307 additions and 647 deletions
@@ -1,12 +1,14 @@
-From 2214c2d1e455a38c891d17e421b438e3f7c495d8 Mon Sep 17 00:00:00 2001
+From 3bc1ebc3d2758af4067b3aace7ddd0ea0cb0b57b Mon Sep 17 00:00:00 2001
 From: Bian Naimeng <biannm@cn.fujitsu.com>
 Date: Mon, 18 Apr 2016 17:00:53 -0400
 Subject: [PATCH] Don't check xsltproc manpages

 Upstream-Status: Pending
- 
+
 Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>

+Rebase to 4.14.4
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
 lib/ldb/wscript    | 2 +-
 lib/talloc/wscript | 2 +-
@@ -14,10 +16,10 @@ Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
 3 files changed, 3 insertions(+), 3 deletions(-)

 diff --git a/lib/ldb/wscript b/lib/ldb/wscript
-index 5ea5231..d94086b 100644
+index bf6129b..c515deb 100644
 --- a/lib/ldb/wscript
 +++ b/lib/ldb/wscript
-@@ -98,7 +98,7 @@ def configure(conf):
+@@ -143,7 +143,7 @@ def configure(conf):
         conf.DEFINE('EXPECTED_SYSTEM_LDB_VERSION_RELEASE', int(v[2]))
 
     if conf.env.standalone_ldb:
@@ -27,10 +29,10 @@ index 5ea5231..d94086b 100644
         # we need this for the ldap backend
         if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize', 'lber ldap', headers='lber.h ldap.h'):
 diff --git a/lib/talloc/wscript b/lib/talloc/wscript
-index df7e6be..b3305cf 100644
+index a767477..f754819 100644
 --- a/lib/talloc/wscript
 +++ b/lib/talloc/wscript
-@@ -49,7 +49,7 @@ def configure(conf):
+@@ -48,7 +48,7 @@ def configure(conf):
         conf.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
         conf.env.TALLOC_VERSION = VERSION
 
@@ -40,18 +42,18 @@ index df7e6be..b3305cf 100644
     conf.CHECK_HEADERS('sys/auxv.h')
     conf.CHECK_FUNCS('getauxval')
 diff --git a/lib/tdb/wscript b/lib/tdb/wscript
-index 4782550..6bb3fa1 100644
+index e56ddd0..467dd65 100644
 --- a/lib/tdb/wscript
 +++ b/lib/tdb/wscript
-@@ -89,7 +89,7 @@ def configure(conf):
+@@ -95,7 +95,7 @@ def configure(conf):
         not conf.env.disable_tdb_mutex_locking):
         conf.define('USE_TDB_MUTEX_LOCKING', 1)
 
 -    conf.CHECK_XSLTPROC_MANPAGES()
 +    #conf.CHECK_XSLTPROC_MANPAGES()
 
-     if not conf.env.disable_python:
-         # also disable if we don't have the python libs installed
+     conf.SAMBA_CHECK_PYTHON()
+     conf.SAMBA_CHECK_PYTHON_HEADERS()
 -- 
-2.14.3
+2.17.1

@@ -1,30 +0,0 @@
-From 3a935c638605bfb392ca7780d22c08c1a0a71e71 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 5 Sep 2019 21:37:33 -0700
-Subject: [PATCH 1/2] lib/replace/wscript: Avoid generating nested main
- function
-
-clang is not happy when it sees another main nested inside the main
-function and fails the test for prctl syscall, therefore avoid adding
-implicit main() here
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- lib/replace/wscript | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/replace/wscript b/lib/replace/wscript
-index a7fd25d..d6767fc 100644
--- a/lib/replace/wscript
-+++ b/lib/replace/wscript
-@@ -137,6 +137,7 @@ def configure(conf):
-                     }
-                     ''',
-                     'HAVE_PRCTL',
-+                    addmain=False,
-                     headers='sys/prctl.h',
-                     msg='Checking for prctl syscall')
- 
-- 
-2.23.0
-
@@ -1,96 +0,0 @@
-From 9aba5ac17bb822f91f6b214f5b82dd1eb8c47616 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 22 Jul 2020 22:42:09 -0700
-Subject: [PATCH] nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
-
-glibc 2.32 will define these varibles [1] which results in conflicts
-with these static function names, therefore prefix these function names
-with samba_ to avoid it
-
-[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d
-
-Upstream-Status: Submitted [https://gitlab.com/samba-team/samba/-/merge_requests/1477]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- nsswitch/nsstest.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
-index 6d92806..46f9679 100644
--- a/nsswitch/nsstest.c
-+++ b/nsswitch/nsstest.c
-@@ -137,7 +137,7 @@ static struct passwd *nss_getpwuid(uid_t uid)
- 	return &pwd;
- }
- 
-static void nss_setpwent(void)
-+static void samba_nss_setpwent(void)
- {
- 	NSS_STATUS (*_nss_setpwent)(void) =
- 		(NSS_STATUS(*)(void))find_fn("setpwent");
-@@ -152,7 +152,7 @@ static void nss_setpwent(void)
- 	}
- }
- 
-static void nss_endpwent(void)
-+static void samba_nss_endpwent(void)
- {
- 	NSS_STATUS (*_nss_endpwent)(void) =
- 		(NSS_STATUS (*)(void))find_fn("endpwent");
-@@ -284,7 +284,7 @@ again:
- 	return &grp;
- }
- 
-static void nss_setgrent(void)
-+static void samba_nss_setgrent(void)
- {
- 	NSS_STATUS (*_nss_setgrent)(void) =
- 		(NSS_STATUS (*)(void))find_fn("setgrent");
-@@ -299,7 +299,7 @@ static void nss_setgrent(void)
- 	}
- }
- 
-static void nss_endgrent(void)
-+static void samba_nss_endgrent(void)
- {
- 	NSS_STATUS (*_nss_endgrent)(void) =
- 		(NSS_STATUS (*)(void))find_fn("endgrent");
-@@ -396,7 +396,7 @@ static void nss_test_users(void)
- {
- 	struct passwd *pwd;
- 
-	nss_setpwent();
-+	samba_nss_setpwent();
- 	/* loop over all users */
- 	while ((pwd = nss_getpwent())) {
- 		printf("Testing user %s\n", pwd->pw_name);
-@@ -418,14 +418,14 @@ static void nss_test_users(void)
- 		printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
- 		printf("\n");
- 	}
-	nss_endpwent();
-+	samba_nss_endpwent();
- }
- 
- static void nss_test_groups(void)
- {
- 	struct group *grp;
- 
-	nss_setgrent();
-+	samba_nss_setgrent();
- 	/* loop over all groups */
- 	while ((grp = nss_getgrent())) {
- 		printf("Testing group %s\n", grp->gr_name);
-@@ -446,7 +446,7 @@ static void nss_test_groups(void)
- 		printf("getgrgid: "); print_group(grp);
- 		printf("\n");
- 	}
-	nss_endgrent();
-+	samba_nss_endgrent();
- }
- 
- static void nss_test_errors(void)
-- 
-2.27.0
-
@@ -1,62 +0,0 @@
-From 4b8463ff43f8983a706b181c5292491f9f954be1 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Fri, 25 Jan 2019 15:00:59 +0800
-Subject: [PATCH] waf: add support of cross_compile
-
-After upgrade, waf also upgraded 
-
-on 1.5.19, for cross_compile, subprocess.Popen is set to be
-samba_cross.cross_Popen, which will not execute testprog on
-host, but only read result from cross-answers.txt which is
-passed by option --cross-answer
-
-part of old code:
-    args = Utils.to_list(kw.get('exec_args', []))
-    proc = Utils.pproc.Popen([lastprog] + args, stdout=Utils.pproc.PIPE, stderr=Utils.pproc.PIPE)
-
-but on new version, exec_args is not used and cause do_configure
-failed with Exec format error
-
-fixed by append cross anser related args to cmd
-
-Upstream-Status: Submitted [https://gitlab.com/samba-team/samba/merge_requests/211]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- third_party/waf/waflib/Tools/c_config.py | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/third_party/waf/waflib/Tools/c_config.py b/third_party/waf/waflib/Tools/c_config.py
-index 7608215..767cf33 100644
--- a/third_party/waf/waflib/Tools/c_config.py
-+++ b/third_party/waf/waflib/Tools/c_config.py
-@@ -660,20 +660,21 @@ class test_exec(Task.Task):
- 	"""
- 	color = 'PINK'
- 	def run(self):
-+		args = self.generator.bld.kw.get('exec_args', [])
- 		if getattr(self.generator, 'rpath', None):
- 			if getattr(self.generator, 'define_ret', False):
-				self.generator.bld.retval = self.generator.bld.cmd_and_log([self.inputs[0].abspath()])
-			else:
-				self.generator.bld.retval = self.generator.bld.exec_command([self.inputs[0].abspath()])
-+				self.generator.bld.retval = self.generator.bld.cmd_and_log([self.inputs[0].abspath()] + args)
-+			else: 
-+				self.generator.bld.retval = self.generator.bld.exec_command([self.inputs[0].abspath()] + args)
- 		else:
- 			env = self.env.env or {}
- 			env.update(dict(os.environ))
- 			for var in ('LD_LIBRARY_PATH', 'DYLD_LIBRARY_PATH', 'PATH'):
- 				env[var] = self.inputs[0].parent.abspath() + os.path.pathsep + env.get(var, '')
- 			if getattr(self.generator, 'define_ret', False):
-				self.generator.bld.retval = self.generator.bld.cmd_and_log([self.inputs[0].abspath()], env=env)
-+				self.generator.bld.retval = self.generator.bld.cmd_and_log([self.inputs[0].abspath()] + args, env=env)
- 			else:
-				self.generator.bld.retval = self.generator.bld.exec_command([self.inputs[0].abspath()], env=env)
-+				self.generator.bld.retval = self.generator.bld.exec_command([self.inputs[0].abspath()] + args, env=env)
- 
- @feature('test_exec')
- @after_method('apply_link')
-- 
-2.7.4
-
@@ -1,4 +1,4 @@
-From cc0576405803bcae45ee353c4333c449cead9207 Mon Sep 17 00:00:00 2001
+From 9ebea97a52e4f70e831dd6402b865c77753ce1cc Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Tue, 25 Jun 2019 14:25:08 +0800
 Subject: [PATCH] do not import target module while cross compile
@@ -12,10 +12,10 @@ update to version 4.10.5, and switch to python3
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
 buildtools/wafsamba/samba_bundled.py | 27 +++++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
+ 1 file changed, 19 insertions(+), 8 deletions(-)

 diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py
-index 60ce7da..5468a36 100644
+index 5f080dd..cdc115e 100644
 --- a/buildtools/wafsamba/samba_bundled.py
 +++ b/buildtools/wafsamba/samba_bundled.py
@@ -4,6 +4,7 @@ import sys
@@ -63,5 +63,5 @@ index 60ce7da..5468a36 100644
         Logs.error('ERROR: Python module %s of version %s not found, and bundling disabled' % (libname, minversion))
         sys.exit(1)
 -- 
-2.7.4
+2.17.1

@@ -1,58 +0,0 @@
-From c62a6f32ab965de2ec77a614f20f04568116835b Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 5 Sep 2019 21:39:05 -0700
-Subject: [PATCH 2/2] util_sec.c: Move __thread variable to global scope
-
-Make clang happy otherwise it complains about variable scope
-
-fixes
-
-source3/./lib/util_sec.c:470:4: error: '__thread' variables must have global storage
-        } __thread cache;
-          ^
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- source3/lib/util_sec.c | 19 +++++++++++--------
- 1 file changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
-index 9408269..7390318 100644
--- a/source3/lib/util_sec.c
-+++ b/source3/lib/util_sec.c
-@@ -444,6 +444,17 @@ void become_user_permanently(uid_t uid, gid_t gid)
- 	assert_gid(gid, gid);
- }
- 
-+#ifdef HAVE___THREAD
-+	struct cache_t {
-+		bool active;
-+		uid_t uid;
-+		gid_t gid;
-+		size_t setlen;
-+		uintptr_t gidset;
-+	};
-+
-+static __thread struct cache_t cache;
-+#endif
- /**********************************************************
-  Function to set thread specific credentials. Leave
-  saved-set uid/gid alone.Must be thread-safe code.
-@@ -461,14 +472,6 @@ int set_thread_credentials(uid_t uid,
- 	 * available.
- 	 */
- #ifdef HAVE___THREAD
-	static struct {
-		bool active;
-		uid_t uid;
-		gid_t gid;
-		size_t setlen;
-		uintptr_t gidset;
-	} __thread cache;
-
- 	if (cache.active &&
- 	    cache.uid == uid &&
- 	    cache.gid == gid &&
-- 
-2.23.0
-
@@ -1,4 +1,4 @@
-From 87bc8e7eafc7d12a1d3a143ebb9e43cf5fbafb72 Mon Sep 17 00:00:00 2001
+From 6455448eb060d03a534539f1a424e2d3e44319e1 Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Thu, 20 Jun 2019 14:11:16 +0800
 Subject: [PATCH] Add config option without-valgrind
@@ -15,10 +15,10 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
 2 files changed, 7 insertions(+), 2 deletions(-)

 diff --git a/lib/replace/wscript b/lib/replace/wscript
-index a7fd25d..a19ae68 100644
+index 2c856b6..bc726f7 100644
 --- a/lib/replace/wscript
 +++ b/lib/replace/wscript
-@@ -110,8 +110,9 @@ def configure(conf):
+@@ -121,8 +121,9 @@ def configure(conf):
     conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h')
     conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h')
 
@@ -31,10 +31,10 @@ index a7fd25d..a19ae68 100644
     conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h')
     conf.CHECK_HEADERS('utmp.h utmpx.h lastlog.h')
 diff --git a/wscript b/wscript
-index e38a8e9..38b7230 100644
+index 83d9421..969b07a 100644
 --- a/wscript
 +++ b/wscript
-@@ -105,6 +105,10 @@ def options(opt):
+@@ -123,6 +123,10 @@ def options(opt):
                   help=("Disable RELRO builds"),
                   action="store_false", dest='enable_relro')
 
@@ -46,5 +46,5 @@ index e38a8e9..38b7230 100644
 
     opt.load('python') # options for disabling pyc or pyo compilation
 -- 
-2.7.4
+2.17.1

@@ -1,19 +1,21 @@
-From 1e8d31c138395122df4cc2a3e0edd6cd3fad736c Mon Sep 17 00:00:00 2001
+From 5abf3c2efa1cd4e16878b6b26068ff153973ebd3 Mon Sep 17 00:00:00 2001
 From: Peter Kjellerstedt <pkj@axis.com>
 Date: Tue, 28 Apr 2020 02:05:33 +0200
 Subject: [PATCH] Add options to configure the use of libbsd

 Upstream-Status: Inappropriate [oe deterministic build specific]
 Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+
+Rebase to 4.14.4
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
- buildtools/wafsamba/wscript  |  7 +++++++
- lib/crypto/wscript_configure |  2 +-
- lib/replace/wscript          | 29 +++++++++++++++--------------
- lib/texpect/wscript          |  7 ++++++-
- 4 files changed, 29 insertions(+), 16 deletions(-)
+ buildtools/wafsamba/wscript |  7 +++++++
+ lib/replace/wscript         | 29 +++++++++++++++--------------
+ lib/texpect/wscript         |  8 +++++++-
+ 3 files changed, 29 insertions(+), 15 deletions(-)

 diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
-index 7b8fb01..a8e4b0a 100644
+index 1aadb95..e7b47c0 100644
 --- a/buildtools/wafsamba/wscript
 +++ b/buildtools/wafsamba/wscript
@@ -88,6 +88,13 @@ def options(opt):
@@ -30,24 +32,11 @@ index 7b8fb01..a8e4b0a 100644
     gr = opt.option_group('developer options')
 
     gr.add_option('-C',
-diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
-index 09dfe04..e871718 100644
--- a/lib/crypto/wscript_configure
-+++ b/lib/crypto/wscript_configure
-@@ -2,7 +2,7 @@
- from waflib import Options
- from waflib import Errors, Logs
- 
-if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
-+if not Options.options.enable_libbsd or not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
-     checklibc=True):
-     conf.CHECK_FUNCS_IN('MD5Init', 'md5', headers='sys/md5.h',
-                         checklibc=True)
 diff --git a/lib/replace/wscript b/lib/replace/wscript
-index 0020d2a..cd9228f 100644
+index bc726f7..44ad0d6 100644
 --- a/lib/replace/wscript
 +++ b/lib/replace/wscript
-@@ -407,20 +407,21 @@ def configure(conf):
+@@ -419,20 +419,21 @@ def configure(conf):
 
     strlcpy_in_bsd = False
 
@@ -84,13 +73,14 @@ index 0020d2a..cd9228f 100644
     conf.CHECK_CODE('''
                 struct ucred cred;
 diff --git a/lib/texpect/wscript b/lib/texpect/wscript
-index e14c048..a91de59 100644
+index 82f6b25..33eea64 100644
 --- a/lib/texpect/wscript
 +++ b/lib/texpect/wscript
-@@ -1,7 +1,12 @@
+@@ -1,7 +1,13 @@
 #!/usr/bin/env python
-+from waflib import Options
 
+from waflib import Options
+
 def configure(conf):
 -    conf.CHECK_FUNCS_IN('openpty', 'util', checklibc=True, headers='pty.h util.h bsd/libutil.h libutil.h')
 +    hdrs = 'pty.h util.h'
@@ -100,4 +90,7 @@ index e14c048..a91de59 100644
 +    conf.CHECK_FUNCS_IN('openpty', 'util', checklibc=True, headers=hdrs)
 
 def build(bld):
-     bld.SAMBA_BINARY('texpect', 'texpect.c', deps='popt util replace', install=False)
+     bld.SAMBA_BINARY('texpect',
+-- 
+2.17.1
+
@@ -1,11 +1,19 @@
-samba: build dnsserver_common code
+From 10d7abc8f1aa99ae45209aeb704978d206f329c0 Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Tue, 1 Jun 2021 11:09:19 +0800
+Subject: [PATCH] samba: build dnsserver_common code

 Just 'install' does not seem to do it.

 Upstream-Status: Pending

 Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ source4/dns_server/wscript_build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)

+diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
+index e97c85d..a49fbb9 100644
 --- a/source4/dns_server/wscript_build
 +++ b/source4/dns_server/wscript_build
@@ -4,7 +4,7 @@ bld.SAMBA_LIBRARY('dnsserver_common',
@@ -17,3 +25,6 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com>
         )
 
 bld.SAMBA_MODULE('service_dns',
+-- 
+2.17.1
+
@@ -1,4 +1,7 @@
-samba: defeat iconv test
+From 59f7098bfbd63f9b3c19d7d297a8f90870a1893d Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Mon, 31 May 2021 14:50:38 +0800
+Subject: [PATCH] samba: defeat iconv test

 A test was added when configuring samba which requires target code
 to be executed.  In general, this will not work, so we eliminate it.
@@ -6,10 +9,15 @@ to be executed.  In general, this will not work, so we eliminate it.
 Upstream-Status: Pending

 Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ lib/util/charset/wscript_configure | 3 +++
+ 1 file changed, 3 insertions(+)

+diff --git a/lib/util/charset/wscript_configure b/lib/util/charset/wscript_configure
+index 9c27fc6..845eb36 100644
 --- a/lib/util/charset/wscript_configure
 +++ b/lib/util/charset/wscript_configure
-@@ -17,6 +17,8 @@ if (conf.CHECK_FUNCS_IN('iconv_open', 'i
+@@ -17,6 +17,8 @@ if (conf.CHECK_FUNCS_IN('iconv_open', 'iconv', checklibc=False, headers='iconv.h
     
     conf.DEFINE('HAVE_NATIVE_ICONV', 1)
 
@@ -18,8 +26,14 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com>
 conf.CHECK_CODE('''
                 uint8_t inbuf[2] = { 0x30, 0xdf };
                 uint8_t outbuf[4] = { 0 };
-@@ -36,3 +38,4 @@ conf.CHECK_CODE('''
+@@ -36,6 +38,7 @@ conf.CHECK_CODE('''
                 msg='Checking errno of iconv for illegal multibyte sequence',
                 lib='iconv',
                 headers='errno.h iconv.h')
 +"""
+ 
+ if conf.CHECK_CFG(package='icu-i18n',
+                args='--cflags --libs',
+-- 
+2.17.1
+
@@ -0,0 +1,39 @@
+From a31a014c5d98501074fde1acb5c00162c927c361 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 31 May 2021 15:47:58 +0800
+Subject: [PATCH] wscript_configure_system_gnutls: disable check gnutls
+ AES_CFB8/AES_CMAC
+
+The CHECK_VALUEOF() can not work on cross-compilation.
+
+Fixes configure error:
+  Checking value of GNUTLS_CIPHER_AES_128_CFB8: UNKNOWN
+  Checking value of GNUTLS_MAC_AES_CMAC_128: UNKNOWN
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ wscript_configure_system_gnutls | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
+index 2ec217f..cd91b55 100644
+--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
+@@ -39,6 +39,7 @@ if (parse_version(gnutls_version) > parse_version('3.6.14')):
+ if conf.CHECK_FUNCS_IN('gnutls_get_system_config_file', 'gnutls'):
+     conf.DEFINE('HAVE_GNUTLS_CRYPTO_POLICIES', 1)
+ 
+"""
+ if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
+     conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
+ else:
+@@ -48,3 +49,4 @@ if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'):
+     conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
+ else:
+     Logs.warn('No gnutls support for AES CMAC')
+"""
+-- 
+2.17.1
+
@@ -0,0 +1,79 @@
+From ba6bc5459cf148dd617fd9cd38dd50c3a9b5d706 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 31 May 2021 15:50:48 +0800
+Subject: [PATCH] source3/wscript: disable check fcntl F_OWNER_EX
+
+It fails on cross-compilation.
+
+Fixes configure error:
+  Checking whether fcntl supports flags to send direct I/O availability signals: UNKNOWN
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ source3/wscript | 48 ------------------------------------------------
+ 1 file changed, 48 deletions(-)
+
+diff --git a/source3/wscript b/source3/wscript
+index adc31ce..f6de0a6 100644
+--- a/source3/wscript
+++ b/source3/wscript
+@@ -1168,54 +1168,6 @@ err:
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
+-
+-int main(void)
+-{
+-        int sockfd, ret;
+-        struct f_owner_ex owner, get_owner;
+-
+-        sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+-        if (sockfd == -1) {
+-            goto err;
+-        }
+-
+-        owner.type = F_OWNER_PID;
+-        owner.pid = getpid();
+-
+-        ret = fcntl(sockfd, F_SETOWN_EX, &owner);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        ret = fcntl(sockfd, F_GETOWN_EX, &get_owner);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        if (get_owner.type != F_OWNER_PID) {
+-            goto err;
+-        }
+-
+-        if (get_owner.pid != getpid()) {
+-            goto err;
+-        }
+-
+-        close(sockfd);
+-        exit(0);
+-err:
+-        close(sockfd);
+-        exit(1);
+-}''',
+-            'HAVE_F_OWNER_EX',
+-            addmain=False,
+-            execute=True,
+-            msg="Checking whether fcntl supports flags to send direct I/O availability signals")
+-
+-    conf.CHECK_CODE('''
+-#include <fcntl.h>
+-#include <unistd.h>
+-#include <stdlib.h>
+ #include <stdint.h>
+ 
+ #define DATA "hinttest.fcntl"
+-- 
+2.17.1
+
@@ -1,142 +0,0 @@
-From ccf53dfdcd39f3526dbc2f20e1245674155380ff Mon Sep 17 00:00:00 2001
-From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
-Date: Fri, 11 Dec 2020 11:32:44 +0900
-Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test.
-
-s3: smbd: Ensure change notifies can't get set unless the
- directory handle is open for SEC_DIR_LIST.
-
-CVE-2020-14318
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
---
- source3/smbd/notify.c         |  8 ++++
- source4/torture/smb2/notify.c | 82 ++++++++++++++++++++++++++++++++++-
- 2 files changed, 89 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
-index 44c0b09..d23c03b 100644
--- a/source3/smbd/notify.c
-+++ b/source3/smbd/notify.c
-@@ -283,6 +283,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter,
- 	char fullpath[len+1];
- 	NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
- 
-+	/*
-+	 * Setting a changenotify needs READ/LIST access
-+	 * on the directory handle.
-+	 */
-+	if (!(fsp->access_mask & SEC_DIR_LIST)) {
-+		return NT_STATUS_ACCESS_DENIED;
-+	}
-+
- 	if (fsp->notify != NULL) {
- 		DEBUG(1, ("change_notify_create: fsp->notify != NULL, "
- 			  "fname = %s\n", fsp->fsp_name->base_name));
-diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
-index ebb4f8a..a5c9b94 100644
--- a/source4/torture/smb2/notify.c
-+++ b/source4/torture/smb2/notify.c
-@@ -2569,6 +2569,83 @@ done:
- 	return ok;
- }
- 
-+/*
-+  Test asking for a change notify on a handle without permissions.
-+*/
-+
-+#define BASEDIR_HPERM BASEDIR "_HPERM"
-+
-+static bool torture_smb2_notify_handle_permissions(
-+		struct torture_context *torture,
-+		struct smb2_tree *tree)
-+{
-+	bool ret = true;
-+	NTSTATUS status;
-+	union smb_notify notify;
-+	union smb_open io;
-+	struct smb2_handle h1 = {{0}};
-+	struct smb2_request *req;
-+
-+	smb2_deltree(tree, BASEDIR_HPERM);
-+	smb2_util_rmdir(tree, BASEDIR_HPERM);
-+
-+	torture_comment(torture,
-+		"TESTING CHANGE NOTIFY "
-+		"ON A HANDLE WITHOUT PERMISSIONS\n");
-+
-+	/*
-+	  get a handle on the directory
-+	*/
-+	ZERO_STRUCT(io.smb2);
-+	io.generic.level = RAW_OPEN_SMB2;
-+	io.smb2.in.create_flags = 0;
-+	io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
-+	io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
-+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
-+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
-+				NTCREATEX_SHARE_ACCESS_WRITE;
-+	io.smb2.in.alloc_size = 0;
-+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
-+	io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
-+	io.smb2.in.security_flags = 0;
-+	io.smb2.in.fname = BASEDIR_HPERM;
-+
-+	status = smb2_create(tree, torture, &io.smb2);
-+	CHECK_STATUS(status, NT_STATUS_OK);
-+	h1 = io.smb2.out.file.handle;
-+
-+	/* ask for a change notify,
-+	   on file or directory name changes */
-+	ZERO_STRUCT(notify.smb2);
-+	notify.smb2.level = RAW_NOTIFY_SMB2;
-+	notify.smb2.in.buffer_size = 1000;
-+	notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
-+	notify.smb2.in.file.handle = h1;
-+	notify.smb2.in.recursive = true;
-+
-+	req = smb2_notify_send(tree, &notify.smb2);
-+	torture_assert_goto(torture,
-+			req != NULL,
-+			ret,
-+			done,
-+			"smb2_notify_send failed\n");
-+
-+	/*
-+	 * Cancel it, we don't really want to wait.
-+	 */
-+	smb2_cancel(req);
-+	status = smb2_notify_recv(req, torture, &notify.smb2);
-+	/* Handle h1 doesn't have permissions for ChangeNotify. */
-+	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
-+
-+done:
-+	if (!smb2_util_handle_empty(h1)) {
-+		smb2_util_close(tree, h1);
-+	}
-+	smb2_deltree(tree, BASEDIR_HPERM);
-+	return ret;
-+}
-+
- /*
-    basic testing of SMB2 change notify
- */
-@@ -2602,7 +2679,10 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx)
- 				     torture_smb2_notify_rmdir3);
- 	torture_suite_add_2smb2_test(suite, "rmdir4",
- 				     torture_smb2_notify_rmdir4);
-
-+	torture_suite_add_1smb2_test(suite,
-+				    "handle-permissions",
-+				    torture_smb2_notify_handle_permissions);
-+ 
- 	suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
- 
- 	return suite;
-- 
-2.25.1
-
@@ -1,112 +0,0 @@
-From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001
-From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
-Date: Fri, 11 Dec 2020 14:34:31 +0900
-Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with 
- NULL. do not crash when additional data not found
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Found by Francis Brosnan BlÃ¡zquez <francis@aspl.es>.
-Based on patches from Francis Brosnan BlÃ¡zquez <francis@aspl.es>
-and Jeremy Allison <jra@samba.org>
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-
-Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
-Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
-
-(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
-(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e
-
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
---
- .../rpc_server/dnsserver/dcerpc_dnsserver.c   | 31 ++++++++++---------
- 1 file changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
-index 910de9a1..618c7096 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
-+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
-@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
- 	TALLOC_CTX *tmp_ctx;
- 	char *name;
- 	const char * const attrs[] = { "name", "dnsRecord", NULL };
-	struct ldb_result *res;
-	struct DNS_RPC_RECORDS_ARRAY *recs;
-+	struct ldb_result *res = NULL;
-+	struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
- 	char **add_names = NULL;
-	char *rname;
-+	char *rname = NULL;
- 	const char *preference_name = NULL;
- 	int add_count = 0;
- 	int i, ret, len;
- 	WERROR status;
-	struct dns_tree *tree, *base, *node;
-+	struct dns_tree *tree = NULL;
-+	struct dns_tree *base = NULL;
-+	struct dns_tree *node = NULL;
- 
- 	tmp_ctx = talloc_new(mem_ctx);
- 	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
-@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
- 		}
- 	}
- 
-	talloc_free(res);
-	talloc_free(tree);
-	talloc_free(name);
-+	TALLOC_FREE(res);
-+	TALLOC_FREE(tree);
-+	TALLOC_FREE(name);
- 
- 	/* Add any additional records */
- 	if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
- 		for (i=0; i<add_count; i++) {
-			struct dnsserver_zone *z2;
-
-+			struct dnsserver_zone *z2 = NULL;
-+			struct ldb_message *msg = NULL;
- 			/* Search all the available zones for additional name */
- 			for (z2 = dsstate->zones; z2; z2 = z2->next) {
- 				char *encoded_name;
-@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
- 						LDB_SCOPE_ONELEVEL, attrs,
- 						"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
- 						encoded_name);
-				talloc_free(name);
-+				TALLOC_FREE(name);
- 				if (ret != LDB_SUCCESS) {
- 					continue;
- 				}
- 				if (res->count == 1) {
-+					msg = res->msgs[0];
- 					break;
- 				} else {
-					talloc_free(res);
-+					TALLOC_FREE(res);
- 					continue;
- 				}
- 			}
-@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
- 			}
- 			status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
- 							select_flag, rname,
-							res->msgs[0], 0, recs,
-+							msg, 0, recs,
- 							NULL, NULL);
-			talloc_free(rname);
-			talloc_free(res);
-+			TALLOC_FREE(rname);
-+			TALLOC_FREE(res);
- 		}
- 	}
- 
-- 
-2.25.1
-
@@ -1,28 +0,0 @@
-From 062cf74b498c1d12fd76f9d9bca926ac806e0b99 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 20 Jun 2019 14:15:18 +0800
-Subject: [PATCH] glibc only fix
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- ctdb/tests/src/test_mutex_raw.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ctdb/tests/src/test_mutex_raw.c b/ctdb/tests/src/test_mutex_raw.c
-index 926a525..814343f 100644
--- a/ctdb/tests/src/test_mutex_raw.c
-+++ b/ctdb/tests/src/test_mutex_raw.c
-@@ -291,8 +291,10 @@ int main(int argc, const char **argv)
- 					"failed\n");
- 				exit (EXIT_FAILURE);
- 			}
-+#ifdef __GLIBC__
- 		} else if (ret == EBUSY) {
- 			printf("INFO: pid=%u\n", mutex->__data.__owner);
-+#endif
- 		} else if (ret == 0) {
- 			pthread_mutex_unlock(mutex);
- 		}
-- 
-2.7.4
-
@@ -1,28 +0,0 @@
-From f99b6a8617df6a46f41fb68ffafb2608dbb6681e Mon Sep 17 00:00:00 2001
-From: Joe Slater <joe.slater@windriver.com>
-Date: Wed, 8 Nov 2017 11:58:05 -0800
-Subject: [PATCH] samba: correct log files location
-
-We use /var/log/samba.
-
-Upstream-Status: Pending
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
---
- examples/smb.conf.default | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/examples/smb.conf.default b/examples/smb.conf.default
-index 2f20720..44c1aa8 100644
--- a/examples/smb.conf.default
-+++ b/examples/smb.conf.default
-@@ -52,7 +52,7 @@
- 
- # this tells Samba to use a separate log file for each machine
- # that connects
-   log file = /usr/local/samba/var/log.%m
-+   log file = /var/log/samba/log.%m
- 
- # Put a capping on the size of the log files (in Kb).
-    max log size = 50
@@ -0,0 +1,92 @@
+From 9942bca2e276c7b4c7696a08594258430c4c5bb5 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 3 Jun 2021 09:39:56 +0800
+Subject: [PATCH] source3/wscript: disable check fcntl RW_HINTS
+
+It fails on cross-compilation for musl.
+
+Fixes configure error:
+  Checking whether fcntl supports setting/geting hints: UNKNOWN
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ source3/wscript | 61 -------------------------------------------------
+ 1 file changed, 61 deletions(-)
+
+diff --git a/source3/wscript b/source3/wscript
+index f6de0a6..3e260c1 100644
+--- a/source3/wscript
+++ b/source3/wscript
+@@ -1164,67 +1164,6 @@ err:
+             execute=True,
+             msg="Checking whether fcntl lock supports open file description locks")
+ 
+-    conf.CHECK_CODE('''
+-#include <fcntl.h>
+-#include <unistd.h>
+-#include <stdlib.h>
+-#include <stdint.h>
+-
+-#define DATA "hinttest.fcntl"
+-
+-int main(void)
+-{
+-        uint64_t hint, get_hint;
+-        int fd;
+-
+-        fd = open(DATA, O_RDONLY | O_CREAT | O_EXCL);
+-        if (fd == -1) {
+-            goto err;
+-        }
+-
+-        hint = RWH_WRITE_LIFE_SHORT;
+-        int ret = fcntl(fd, F_SET_RW_HINT, &hint);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        ret = fcntl(fd, F_GET_RW_HINT, &get_hint);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        if (get_hint != RWH_WRITE_LIFE_SHORT) {
+-            goto err;
+-        }
+-
+-        hint = RWH_WRITE_LIFE_EXTREME;
+-        ret = fcntl(fd, F_SET_FILE_RW_HINT, &hint);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        ret = fcntl(fd, F_GET_FILE_RW_HINT, &get_hint);
+-        if (ret == -1) {
+-            goto err;
+-        }
+-
+-        if (get_hint != RWH_WRITE_LIFE_EXTREME) {
+-            goto err;
+-        }
+-
+-        close(fd);
+-        unlink(DATA);
+-        exit(0);
+-err:
+-        close(fd);
+-        unlink(DATA);
+-        exit(1);
+-}''',
+-            'HAVE_RW_HINTS',
+-            addmain=False,
+-            execute=True,
+-            msg="Checking whether fcntl supports setting/geting hints")
+-
+     conf.CHECK_STRUCTURE_MEMBER('struct stat', 'st_mtim.tv_nsec',
+                                 define='HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC') # Linux, Solaris
+     conf.CHECK_STRUCTURE_MEMBER('struct stat', 'st_mtimensec',
+-- 
+2.17.1
+
@@ -14,40 +14,36 @@ ${SAMBA_MIRROR}    http://www.mirrorservice.org/sites/ftp.samba.org \n \

 SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
           file://smb.conf \
-           file://16-do-not-check-xsltproc-manpages.patch \
-           file://20-do-not-import-target-module-while-cross-compile.patch \
-           file://21-add-config-option-without-valgrind.patch \
-           file://netdb_defines.patch \
-           file://glibc_only.patch \
-           file://iconv-4.7.0.patch \
-           file://dnsserver-4.7.0.patch \
-           file://smb_conf-4.7.0.patch \
           file://volatiles.03_samba \
-           file://0001-waf-add-support-of-cross_compile.patch \
-           file://0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch \
-           file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \
-           file://0001-Add-options-to-configure-the-use-of-libbsd.patch \
-           file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
-           file://CVE-2020-14318.patch \
-           file://CVE-2020-14383.patch \
+           file://0001-Don-t-check-xsltproc-manpages.patch \
+           file://0002-do-not-import-target-module-while-cross-compile.patch \
+           file://0003-Add-config-option-without-valgrind.patch \
+           file://0004-Add-options-to-configure-the-use-of-libbsd.patch \
+           file://0005-samba-build-dnsserver_common-code.patch \
+           file://0006-samba-defeat-iconv-test.patch \
+           file://0007-wscript_configure_system_gnutls-disable-check-gnutls.patch \
+           file://0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch \
           "
+
 SRC_URI_append_libc-musl = " \
+           file://netdb_defines.patch \
           file://samba-pam.patch \
           file://samba-4.3.9-remove-getpwent_r.patch \
           file://cmocka-uintptr_t.patch \
-           file://0001-samba-fix-musl-lib-without-innetgr.patch \
-          "
+           file://samba-fix-musl-lib-without-innetgr.patch \
+           file://source3-wscript-disable-check-fcntl-RW_HINTS.patch \
+           "

-SRC_URI[md5sum] = "f006a3d1876113e4a049015969d20fe6"
-SRC_URI[sha256sum] = "7dcfc2aaaac565b959068788e6a43fc79ce2a03e7d523f5843f7a9fddffc7c2c"
+SRC_URI[md5sum] = "171629ad42b4b303107e8b0fff942a1f"
+SRC_URI[sha256sum] = "89af092a0b00f5354ed287f0aa37b8c2cf9ba2ce67ea6464192e2c18528f89b9"

-UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz"
+UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.14(\.\d+)+).tar.gz"

 inherit systemd waf-samba cpan-base perlnative update-rc.d
 # remove default added RDEPENDS on perl
 RDEPENDS_${PN}_remove = "perl"

-DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson"
+DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson libparse-yapp-perl-native gnutls"

 inherit features_check
 REQUIRED_DISTRO_FEATURES = "pam"
@@ -56,6 +52,8 @@ DEPENDS_append_libc-musl = " libtirpc"
 CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
 LDFLAGS_append_libc-musl = " -ltirpc"

+COMPATIBLE_HOST_riscv32 = "null"
+
 INITSCRIPT_NAME = "samba"
 INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."

@@ -76,7 +74,7 @@ export WAF_NO_PREFORK="yes"
 # Use krb5.  Build active domain controller.
 #
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \
-                   acl cups ad-dc gnutls ldap mitkrb5 \
+                   acl cups ad-dc ldap mitkrb5 \
 "

 RDEPENDS_${PN}-ctdb-tests += "bash util-linux-getopt"
@@ -96,19 +94,7 @@ PACKAGECONFIG[libunwind] = ", , libunwind"
 PACKAGECONFIG[gpgme] = ",--without-gpgme,,"
 PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb,"
 PACKAGECONFIG[libbsd] = "--with-libbsd, --without-libbsd, libbsd"
-
-# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
-# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
-# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
-# So the working combination is:
-# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
-# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
-#
-# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
-# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
-#
-PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
-PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
+PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,python3-markdown python3-dnspython,"
 PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"

 SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
@@ -182,11 +168,11 @@ do_install_append() {
    install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba

    # the items are from ctdb/tests/run_tests.sh
-    for d in onnode takeover tool eventscripts cunit simple complex; do
-        testdir=${D}${datadir}/ctdb-tests/$d
+    for d in cunit eventd eventscripts onnode shellcheck takeover takeover_helper tool; do
+        testdir=${D}${datadir}/ctdb-tests/UNIT/$d
        install -d $testdir
-        cp ${S}/ctdb/tests/$d/*.sh $testdir
-        cp -r ${S}/ctdb/tests/$d/scripts ${S}/ctdb/tests/$d/stubs $testdir || true
+        cp ${S}/ctdb/tests/UNIT/$d/*.sh $testdir
+        cp -r ${S}/ctdb/tests/UNIT/$d/scripts ${S}/ctdb/tests/UNIT/$d/stubs $testdir || true
    done

    # fix file-rdeps qa warning
@@ -197,7 +183,7 @@ do_install_append() {
    chmod 0750 ${D}${sysconfdir}/sudoers.d || true
    rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log
    
-    for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate; do
+    for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate samba_downgrade_db; do
        if [ -f "${D}${sbindir}/$f" ]; then
            sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${sbindir}/$f
        fi