Commit Graph

157 Commits

Author SHA1 Message Date
Wang Mingyu 3cbd140c7d samba: upgrade 4.19.7 -> 4.19.8
Changelog:
 https://www.samba.org/samba/history/samba-4.19.8.html

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-08-28 07:11:37 -07:00
Yi Zhao 41df431b91 samba: upgrade 4.19.6 -> 4.19.7
ChangeLog:
https://www.samba.org/samba/history/samba-4.19.7.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-06-20 19:25:52 -07:00
Khem Raj ffc64e9c6f recipes: Start WORKDIR -> UNPACKDIR transition
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-05-23 08:44:44 -07:00
Yi Zhao 7222132115 samba: upgrade 4.19.5 -> 4.19.6
ChangeLog:
https://www.samba.org/samba/history/samba-4.19.6.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-05-09 17:10:59 -07:00
Yi Zhao fec5747a4c samba: upgrade 4.19.4 -> 4.19.5
Release Notes:
https://www.samba.org/samba/history/samba-4.19.5.html

Specify --pythondir to fix do_package_qa QA Issue:
WARNING: samba-4.19.5-r0 do_package_qa: QA Issue: File
/usr/lib/libsamba-util.so.0.0.1 in package libsamba-util contains
reference to TMPDIR [buildpaths]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-10 21:54:07 -07:00
Yi Zhao 28cb5f1801 samba: upgrade 4.19.3 -> 4.19.4
Release Notes:
https://www.samba.org/samba/history/samba-4.19.4.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-19 09:51:04 -08:00
Yi Zhao 5260f11b04 samba: upgrade 4.18.9 -> 4.19.3
According to samba release planning[1], 4.18 is already in maintenance
mode and will be EOL in Sep 2024. Upgrade to current stable release
4.19.

Release Notes
https://www.samba.org/samba/history/samba-4.19.0.html
https://www.samba.org/samba/history/samba-4.19.3.html

[1] https://wiki.samba.org/index.php/Samba_Release_Planning

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-08 19:54:40 -08:00
Yi Zhao f4c3c747d6 samba: upgrade 4.18.8 -> 4.18.9
This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:

    Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
    allow read of object tombstones over LDAP
    (Administrator action required!)
    https://www.samba.org/samba/security/CVE-2018-14628.html

Release Notes:
https://www.samba.org/samba/history/samba-4.18.9.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-29 09:04:22 -08:00
Fabien Thomas c817cf55ae samba.bb : Disable ad-dc by default
When this feature is enabled by default in packageconfig
this implies a dependency to python3-dnspython which is in meta-python.

Disable ac-dc PACKAGECONFIG by default to avoid adding a layer
dependency only for this feature.

Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-19 10:51:40 -07:00
Yi Zhao 649f63a235 samba: use external cmocka instead of bundled cmocka
Do not use bundled cmocka to get rid of bundled library
libcmocka-samba4.so.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-12 08:06:57 -07:00
Yi Zhao f674a9d4f9 samba: upgrade 4.18.6 -> 4.18.8
This is a security release in order to address the following defects:

CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                existing unix domain sockets on the file system.
                https://www.samba.org/samba/security/CVE-2023-3961.html

CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                OVERWRITE disposition when using the acl_xattr Samba VFS
                module with the smb.conf setting
		"acl_xattr:ignore system acls = yes"
                https://www.samba.org/samba/security/CVE-2023-4091.html

CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                attributes, including secrets and passwords.  Additionally,
                the access check fails open on error conditions.
                https://www.samba.org/samba/security/CVE-2023-4154.html

CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                server block for a user-defined amount of time, denying
                service.
                https://www.samba.org/samba/security/CVE-2023-42669.html

CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                listeners, disrupting service on the AD DC.
                https://www.samba.org/samba/security/CVE-2023-42670.html

Release Notes:
https://www.samba.org/samba/history/samba-4.18.8.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-12 08:06:57 -07:00
Yi Zhao 00d3a63933 samba: upgrade 4.18.5 -> 4.18.6
Release Notes:
https://www.samba.org/samba/history/samba-4.18.6.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-22 21:18:05 -07:00
Yi Zhao 65f1009ced samba: upgrade 4.18.4 -> 4.18.5
This is a security release in order to address the following defects:
CVE-2022-2127
CVE-2023-3347
CVE-2023-34966
CVE-2023-34967
CVE-2023-34968

Release Notes:
https://www.samba.org/samba/history/samba-4.18.5.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-27 08:54:40 -07:00
Andrej Valek 8af2f17a6f cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
  version

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-27 08:54:40 -07:00
Yi Zhao 0d1c621440 samba: upgrade 4.18.3 -> 4.18.4
Release Notes:
https://www.samba.org/samba/history/samba-4.18.4.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-12 16:19:40 -07:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Wang Mingyu 4b30ae8f5d samba: upgrade 4.18.2 -> 4.18.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-05 09:29:34 -07:00
Wang Mingyu 643386c673 samba: upgrade 4.18.1 -> 4.18.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-23 21:55:52 -07:00
Yi Zhao 46ab1a3f4f samba: upgrade 4.18.0 -> 4.18.1
Release Notes:
https://www.samba.org/samba/history/samba-4.18.1.html

This is a security release in order to address the following defects:
CVE-2023-0225
CVE-2023-0922
CVE-2023-0614

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Yi Zhao 9818ed0ab7 samba: upgrade 4.17.5 -> 4.18.0
Release Notes:
https://www.samba.org/samba/history/samba-4.18.0.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-14 07:42:47 -07:00
Yi Zhao c289caf776 samba: upgrade 4.17.4 -> 4.17.5
Release Notes:
https://www.samba.org/samba/history/samba-4.17.5.html

Drop 0007-waf-Fix-errors-with-Werror-implicit-function-declara.patch
as the issue has been fixed upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-01-28 21:12:21 -08:00
persianpros 92deb5f329 samba: Remove samba related PYTHONHASHSEED patches and use export function
With export PYTHONHASHSEED="1" there will be no need for patching samba and its related libs

So easier maintenance and a cleaner OE

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-01-01 10:00:20 -08:00
Yi Zhao 5494dc9ff3 samba upgrade 4.14.14 -> 4.17.4
The 4.14.x is EOL:
https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.17.x.

Release Notes:
https://www.samba.org/samba/history/samba-4.17.0.html
https://www.samba.org/samba/history/samba-4.17.4.html

* Refresh patches
* Update PACKAGECONFIG
* Split a new package ctdb
* Add a patch to skip checking PYTHONHASHSEED
* Drop the following patches as these issues have been fixed upstream:
  0005-samba-build-dnsserver_common-code.patch
  netdb_defines.patch
  samba-fix-musl-lib-without-innetgr.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-01-01 02:23:29 -08:00
leimaohui be6245aefc samba: Fix install conflict with multilib enabled.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-11-07 08:39:05 -08:00
Khem Raj 2d7e9e2fe7 samba: Fix warnings in configure tests for rpath checks
Add a patch to avoid implicit-function-declaration warnings, they will
soon become errors with clang 15+

set path for privatelibdir

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-28 23:57:15 -07:00
Yi Zhao 2b8b5dbe03 samba: fix buildpaths issue
The test case tfork_cmd_send in smbtorture fails on target as it
requries a script located in the source directory:

$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send
test: tfork_cmd_send
/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh:
Failed to exec child - No such file or directory

This also triggers the buildpaths warning:
QA Issue: File /usr/bin/smbtorture in package samba-testsuite contains reference to TMPDIR [buildpaths]

Skip this test case in smbtorture to avoid the warning.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-27 07:39:10 -07:00
Yi Zhao 0afcb4be77 samba: upgrade 4.14.13 -> 4.14.14
This is a security release in order to address the following defects:

CVE-2022-2031: Samba AD users can bypass certain restrictions associated
               with changing passwords.
               https://www.samba.org/samba/security/CVE-2022-2031.html

CVE-2022-32744: Samba AD users can forge password change requests for
                any user.
                https://www.samba.org/samba/security/CVE-2022-32744.html

CVE-2022-32745: Samba AD users can crash the server process with an LDAP
                add or modify request.
                https://www.samba.org/samba/security/CVE-2022-32745.html

CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                process with an LDAP add or modify request.
                https://www.samba.org/samba/security/CVE-2022-32746.html

CVE-2022-32742: Server memory information leak via SMB1.
                https://www.samba.org/samba/security/CVE-2022-32742.html

Release Notes:
https://www.samba.org/samba/history/samba-4.14.14.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-25 23:08:11 -07:00
Yi Zhao 748d2d0c7c samba: upgrade 4.14.12 -> 4.14.13
This is a bugfix release of the Samba 4.14 release series.

ChangeLog:
https://www.samba.org/samba/history/samba-4.14.13.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-13 19:21:41 -07:00
Matsunaga-Shinji dd5ed4dcbb samba: add 2 cves to allowlist
Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5.
Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16.

Signed-off-by: matsunaga-shinji <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-06 20:25:34 -04:00
Khem Raj 7d8a0e840d recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Martin Jansa 856902b8c0 Fix DeprecationWarning about regexps
* fixes:
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \-
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Khem Raj f2df270179 recipes: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Yi Zhao 7f85c4ba98 samba: upgrade 4.14.11 -> 4.14.12
This is a security release in order to address the following defects:

CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                https://www.samba.org/samba/security/CVE-2021-44142.html

CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                https://www.samba.org/samba/security/CVE-2022-0336.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-11 09:12:32 -08:00
zhengruoqin 46d285235b samba: upgrade 4.14.10 -> 4.14.11
Changelog:
============
There have been a few regressions in the security release 4.14.10:

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  PLEASE [RE-]READ!
                  The instructions have been updated and some workarounds
                  initially adviced for 4.14.10 are no longer required and
                  should be reverted in most cases.

o BUG-14902: User with multiple spaces (eg Fred&lt;space&gt;&lt;space&gt;Nurk) become
             un-deletable. While this release should fix this bug, it is
             adviced to have a look at the bug report for more detailed
             information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.

Changes since 4.14.10
---------------------

   * BUG 14878: Recursive directory delete with veto files is broken.
   * BUG 14879: A directory containing dangling symlinks cannot be deleted by
     SMB2 alone when they are the only entry in the directory.
   * BUG 14656: Spaces incorrectly collapsed in ldb attributes.
   * BUG 14694: Ensure that the LDB request has not timed out during filter
     processing as the LDAP server MaxQueryDuration is otherwise not honoured.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.
   * BUG 14902: User with multiple spaces (eg Fred&lt;space&gt;&lt;space&gt;Nurk) become un-
     deletable.
   * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
   * BUG 14922: Kerberos authentication on standalone server in MIT realm
     broken.
   * BUG 14923: Segmentation fault when joining the domain.
   * BUG 14903: Support for ROLE_IPA_DC is incomplete.
   * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
     smbd_smb2_ioctl_send.
   * BUG 14899: winbindd doesn&apos;t start when &quot;allow trusted domains&quot; is off.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.
   * BUG 14694: Ensure that the LDB request has not timed out during filter
     processing as the LDAP server MaxQueryDuration is otherwise not honoured.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-21 18:49:37 -08:00
Yi Zhao 2fb000b020 samba: update cross-answers files
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-25 10:14:18 -08:00
Yi Zhao d3eb0a9e84 samba: add pyldb to rdepends for samba-python3
Fixes:
$ python3
>>> import samba
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.10/site-packages/samba/__init__.py", line 28, in <module>
    import ldb
ModuleNotFoundError: No module named 'ldb'
>>>

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-25 10:14:18 -08:00
Yi Zhao e02caef1cc samba: fix pyext_PATTERN for cross compilation
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.

root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]

Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-25 10:14:18 -08:00
Yi Zhao 28e7d47f66 samba: upgrade 4.14.8 -> 4.14.10
This is a security release in order to address the following defects:

CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                authentication.
                https://www.samba.org/samba/security/CVE-2016-2124.html

CVE-2020-25717: A user on the domain can become root on domain members.
                https://www.samba.org/samba/security/CVE-2020-25717.html

CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
                issued by an RODC.
	        https://www.samba.org/samba/security/CVE-2020-25718.html

CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
                Kerberos tickets.
	        https://www.samba.org/samba/security/CVE-2020-25719.html

CVE-2020-25721: Kerberos acceptors need easy access to stable AD
                identifiers (eg objectSid).
                https://www.samba.org/samba/security/CVE-2020-25721.html

CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
                checking of data stored.
                https://www.samba.org/samba/security/CVE-2020-25722.html

CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                https://www.samba.org/samba/security/CVE-2021-3738.html

CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                https://www.samba.org/samba/security/CVE-2021-23192.html

See: https://www.samba.org/samba/history/samba-4.14.10.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-16 08:26:26 -08:00
Yi Zhao fd3aca5ccf samba: upgrade 4.14.7 -> 4.14.8
Release notes:
https://www.samba.org/samba/history/samba-4.14.8.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-10-08 09:23:16 -07:00
Khem Raj 3a0fb097ab samba: Inherit pkgconfig
Fixes
Checking for program 'pkg-config'                                                 : not found

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-24 08:12:36 -07:00
Yi Zhao 16f1562891 samba: upgrade 4.14.5 -> 4.14.7
Changelog:
https://www.samba.org/samba/history/samba-4.14.7.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-24 08:12:35 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Yi Zhao 6db58b2837 samba: add missing runtime dependency for pidl
Add libparse-yapp-perl to RDEPENDS for pidl.

Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-01 08:09:38 -07:00
Yi Zhao 7b5b96b444 samba: fix shebang for pidl
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-01 08:09:38 -07:00
Persian Prince a6653e6dd4 samba: Don't guess dirs for perllocal.pod removing
We're not living in a perfect world so avoid build failures like:

ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-24 16:17:33 -07:00
wangmy 31fb422660 samba: Solve the dependency problem when installing Samba
Error Message:
 Problem: conflicting requests
  - nothing provides samba-pidl needed by samba-client-4.14.5-r0.aarch64

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-23 23:20:36 -07:00
Sekine Shigeki bb4a4f0ff8 add CVE-2011-2411 to allowlist
This affects only on HP NonStop Server, so add it to allowlist.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-11 08:48:26 -07:00
Yi Zhao 8fc9ecc767 samba: upgrade 4.14.4 -> 4.14.5
Changelog:
https://www.samba.org/samba/history/samba-4.14.5.html

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-09 08:49:21 -07:00
Yi Zhao 8260253c87 samba: disable check fcntl RW_HINTS when configure
This fails on cross-compilation for musl and clang.

Fixes configure error:
Checking whether fcntl supports setting/geting hints: UNKNOWN

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-09 08:49:21 -07:00
Yi Zhao 2936dfbe67 samba: update smb.conf
There are some options are deprecated in smb.conf.

Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.

* Remove the deprecated "syslog only" and "syslog" global options and
  replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
  outdated.
* Improve idmap config

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-05 08:19:07 -07:00