Commit Graph

61 Commits

Author SHA1 Message Date
Gustavo Zacarias
78af81de59 samba4: bump to version 4.4.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-09-24 16:40:10 +02:00
Bernd Kuhls
c4872a4b6f package/samba4: security bump to 4.4.5
Fixes CVE-2016-2119
https://www.samba.org/samba/security/CVE-2016-2119.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-08 10:57:25 +02:00
Maxime Hadjinlian
3768a98f21 package/samba4: Change tmpfiles path
Per the documentation:
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

The order of path by priorites is:
/etc/tmpfiles.d/*.conf
/run/tmpfiles.d/*.conf
/usr/lib/tmpfiles.d/*.conf

For the user to be able to override our tmpfiles easily, it's better to
place our files in /usr/lib/tmpfiles.d/

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-02 18:50:36 +02:00
Gustavo Zacarias
8d019a7450 samba4: bump to version 4.4.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-08 07:55:19 +02:00
Peter Korsgaard
577021e81b Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-01 17:55:16 +02:00
Thomas Petazzoni
cfa73104fa samba4: remove compilation of .pyc files
Now that .py files are globally compiled into .pyc files, we can get
rid of the samba4 specific logic doing this compilation.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-26 22:08:36 +02:00
Yann E. MORIN
c6b4a5fcc4 package/samba4: create tempfile with systemd
With systemd, samba4 will need some special temporary files to be
created on each boot, as explained in:
    packaging/systemd/README

Install the provided template file as configuration.

However, this is not enough, as even the log directory is a tmpfs in
the default Buildroot configuration, so we must also create the log
directory on each boot. Hence we append this to the template installed
above.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-16 21:25:42 +02:00
Gustavo Zacarias
31acaf78c5 samba4: bump to version 4.4.3
Fixes a few regressions from the previous security bump.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-02 17:19:19 +02:00
Gustavo Zacarias
8e3268a0b9 samba4: security bump to version 4.4.2
Fixes:

CVE-2016-2118 - A man in the middle can intercept any DCERPC traffic
between a client and a server in order toimpersonate the client and get
the same privileges as the authenticated user account.

CVE-2016-2115 - The protection of DCERPC communication over ncacn_np
(which is the default for most the file server related protocols) is
inherited from the underlying SMB connection. Samba doesn't enforce SMB
signing for this kind of SMB connections by default, which makes man in
the middle attacks possible.

CVE-2016-2114 - Due to a bug Samba doesn't enforce required smb signing,
even if explicitly configured.

CVE-2016-2113 - Man in the middle attacks are possible for client
triggered LDAP connections (with ldaps://) and ncacn_http connections
(with https://).

CVE-2016-2112 - A man in the middle is able to downgrade LDAP
connections to no integrity protection. It's possible to attack client
and server with this.

CVE-2016-2111 - When Samba is configured as Domain Controller it allows
remote attackers to spoof the computer name of a secure channel's
endpoints, and obtain sensitive session information, by running a
crafted application and leveraging the ability to sniff network traffic.

CVE-2016-2110 - The feature negotiation of NTLMSSP is not downgrade
protected. A man in the middle is able to clear even required flags,
especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

CVE-2015-5370 - Errors in Samba DCE-RPC code can lead to denial of
service (crashes and high cpu consumption) and man in the middle
attacks.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-12 23:12:42 +02:00
Gustavo Zacarias
c5977118cd samba4: drop --with-gettext configure option
The --with-gettext=X configure option was silently dropped from the
4.4.0 release and it errors out since it's unknown. Fixes:
http://autobuild.buildroot.net/results/3c0/3c0800fd6cc7a217a866cd9cf63d5f91dcbfd306/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-25 22:38:41 +01:00
Gustavo Zacarias
a58a4ec035 samba4: bump to version 4.4.0
libaio support is now automatic so drop the enable/disable (it will fall
back to pthread aio if libaio is not present).

0002-build-improve-stack-protector-check.patch is upstream so remove it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-03-24 22:44:14 +01:00
Gustavo Zacarias
74e0ba60f7 samba4: add host-python to dependencies
Even though it's inherited by the python dependency it's more clear this
way for graph-depends, since it's used by the waf buildsystem.
And even though we have a hard dependency on python for the distro this
python could ostensibly be 3.x which isn't compatible with the bundled
waf series (1.5.x) in samba (as of current shipping version and upcoming
4.4.x series).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-16 22:19:36 +01:00
Gustavo Zacarias
7bd9dbc13a samba: remove deprecated
It's been deprecated for a year now so remove it.

[Peter: drop !samba dependency from samba4]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-15 22:45:06 +01:00
Gustavo Zacarias
52be26e90c samba4: security bump to version 4.3.6
Fixes:
CVE-2015-7560 - Authenticated client could cause Samba to overwrite ACLs
with incorrect owner/group.
CVE-2016-0771 - Malicious request can cause the Samba internal DNS
server to crash or unintentionally return uninitialized memory.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-08 22:33:23 +01:00
Peter Korsgaard
28cd1ed30a Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-02 21:25:00 +01:00
Gustavo Zacarias
0cf5ac0e76 samba4: bump to version 4.3.5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-02-23 21:26:41 +01:00
Gustavo Zacarias
59e6999086 samba4: add optional libbsd dependency
It's used for some small functions like md5 support, non-essential since
samba has an internal fallback for those, but still add it for
predictability.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-13 18:18:36 +01:00
Thomas Petazzoni
1d2de713fb samba4: add dependency on BR2_TOOLCHAIN_HAS_SYNC_4
samba4 uses the __sync_fetch_and_add_4() atomic built-in, so it should
depend on BR2_TOOLCHAIN_HAS_SYNC_4 in order to avoid build failures on
architectures not providing this atomic built-in.

Fixes:

  http://autobuild.buildroot.org/results/0d0fd9d2a132a40a840bea5df59c35d8573ebf45/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-06 23:53:05 +01:00
Thomas Petazzoni
1a22254275 samba4: remove dependency on specific C libraries
samba4 relies on the $ORIGIN feature of the dynamic linker, which used
to not be implemented in old uClibc versions. However:

 - this feature is supported by glibc
 - this feature is supported by uClibc-ng, which is the only uClibc
   version we are going to support
 - this feature is supported by musl

Consequently, we can completely remove the dependency of samba4 on
certain C libraries.

Note that despite this commit, samba4 still cannot be chosen when the
musl C library is used, because samba4 requires native RPC support,
which musl doesn't provide.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-02-01 19:32:42 +01:00
Gustavo Zacarias
3b6207a8f6 samba4: bump to version 4.3.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-12 21:39:14 +01:00
Gustavo Zacarias
8075406e89 samba4: security bump to version 4.3.3
Fixes:
CVE-2015-7540 - Remote DoS in Samba (AD) LDAP server
CVE-2015-3223 - Denial of service in Samba Active Directory server
CVE-2015-5252 - Insufficient symlink verification in smbd)
CVE-2015-5299 - Missing access control check in shadow copy code
CVE-2015-5296 - Samba client requesting encryption vulnerable to
downgrade attack
CVE-2015-8467 - Denial of service attack against Windows Active
Directory server
CVE-2015-5330 - Remote memory read in Samba LDAP server

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-17 12:56:30 +01:00
Gustavo Zacarias
cd36c24093 samba4: bump to version 4.3.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-01 17:34:35 +01:00
Gustavo Zacarias
b44a384394 samba4: bump to version 4.3.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-20 16:35:16 +02:00
Maxime Hadjinlian
0f75b2635e package: Replace 'echo -n' by 'printf'
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.

This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 00:56:41 +02:00
Gustavo Zacarias
c0090de3c9 samba: bump to version 4.3.0
New patch status: sent upstream.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-13 12:36:22 +02:00
Gustavo Zacarias
23269765c8 samba4: bump to version 4.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-14 16:00:24 +02:00
Alex Suykov
ae0d54ab77 samba4: install systemd files
The package comes with usable .service files for smbd, nmbd and
winbind, but does not install them.

[Thomas: use relative paths for the symbolic links.]

Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-05 16:10:52 +02:00
Baruch Siach
51221041a3 samba4: propagate python dependencies
Fix the toolchain dependencies comment condition while at it.

Fixes:
http://autobuild.buildroot.net/results/e32/e32b85728a84bfea741709eabcc6d4a7af0b41a1/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-08 00:04:02 +02:00
Gustavo Zacarias
110a8d43c1 samba4: enable for uclibc-ng
uClibc-ng has the required functionality for samba 4.2.x without the
need for any special tricks.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-02 23:02:31 +02:00
Gustavo Zacarias
eb1256c401 samba: bump to version 4.2.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-02 23:01:35 +02:00
Gustavo Zacarias
6ec8adc134 samba4: bump to version 4.2.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-16 07:48:15 +02:00
Gustavo Zacarias
6c47da8e7f samba4: install to staging
It's required for packages that need libsmbclient.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 23:50:17 +01:00
Gustavo Zacarias
e55cddfe9e samba4: specify ncurses-config
When ncurses wide is enabled samba doesn't automatically find the
appropiate ncurses-config script and finds the host variant (which is
non-widec) which leaks improper library directories into the build.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 12:38:45 +01:00
Gustavo Zacarias
123e8afbaa samba4: bump to version 4.2.0
Now with support for AD DC, ADS and clustering features.
All dropped patches are upstream.

[Thomas: move indentation fixes to a separate patch.]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 11:01:03 +01:00
Thomas Petazzoni
7152a50588 samba4: fix indentation
In preparation to the bump of samba4 to 4.2, let's re-indent the
samba4.mk to the usual Buildroot convention.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 11:00:43 +01:00
Peter Korsgaard
7403ea730d Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-02 23:26:20 +01:00
Gustavo Zacarias
d6c233b799 samba4: security bump to version 4.1.17
Fixes:
CVE-2015-0240 - Unexpected code execution in smbd.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-23 18:18:56 +01:00
Yann E. MORIN
9863553fe8 packages: all salute the passing of avr32
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 17:43:11 +01:00
Gustavo Zacarias
3ac6390abd samba4: security bump to version 4.1.16
Fixes CVE-2014-8143 - dsdb-samldb: Check for extended access rights
before we allow changes to userAccountControl.

Also rename patches to new naming convention.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-16 22:37:56 +01:00
Gustavo Zacarias
77a1d41b39 samba4: bump to version 4.1.15
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-12 12:31:41 +01:00
Gustavo Zacarias
af3d4b7d2a samba4: bump to version 4.1.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-01 20:07:57 +01:00
André Erdmann
5f617ffa17 sysv init scripts: fix == bashism
test a == b is not available in e.g. dash.

Command(s) used for editing:

  q=\[\"\'\]
  operand="${q}?[$]?[a-zA-Z0-9_\?]+${q}?"  ## doesn't detect ${VAR}
  test_expr="(\[\s+${operand}\s+)==(\s+${operand}\s+\])"

  find . -type f -name '[SK][0-9][0-9]*' | \
     xargs sed -r -e "s@${test_expr}@\1=\2@g" -i

Signed-off-by: André Erdmann <dywi@mailerd.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-11 23:08:46 +01:00
Gustavo Zacarias
ee3d2a60cf samba4: bump to version 4.1.13
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-24 23:44:26 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
3be20df68f samba4: bump to version 4.1.12
Also tweak library moves since uClibc doesn't do $ORIGIN and libreplace
is found that way now.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-09 23:03:27 +02:00
Gustavo Zacarias
cd62e50740 samba4: add comment mmu depends
Otherwise it shows up indirectly when toolchain options aren't enough
and then vanishes when they are fulfilled.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-04 18:29:40 +02:00
Gustavo Zacarias
a3b88f44af samba4: security update to 4.1.11
Fixes CVE-2014-3560 (Remote code execution in nmbd).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-03 10:17:06 +02:00
Gustavo Zacarias
3bcc4754c6 samba4: bump to version 4.1.10
Lots of bugfixes, enhancements to provisioning and printing support via
cups.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 20:07:24 +02:00
Gustavo Zacarias
3ba33f0cbb samba4: security bump to version 4.1.9
Fixes:
CVE-2014-0244 (Denial of service - CPU loop)
CVE-2014-3493 (Denial of service - Server crash/memory corruption)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-23 16:19:51 +02:00
Gustavo Zacarias
559973eccc samba4: security bump to version 4.1.8
Fixes CVE-2014-0178 (Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response)
and CVE-2014-0239 (dns: Don't reply to replies).
Patches 0001 and 0002 are now part of the 4.1.x release branch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-03 20:58:18 +02:00