Commit Graph

29 Commits

Author SHA1 Message Date
Gustavo Zacarias
3b6207a8f6 samba4: bump to version 4.3.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-12 21:39:14 +01:00
Gustavo Zacarias
8075406e89 samba4: security bump to version 4.3.3
Fixes:
CVE-2015-7540 - Remote DoS in Samba (AD) LDAP server
CVE-2015-3223 - Denial of service in Samba Active Directory server
CVE-2015-5252 - Insufficient symlink verification in smbd)
CVE-2015-5299 - Missing access control check in shadow copy code
CVE-2015-5296 - Samba client requesting encryption vulnerable to
downgrade attack
CVE-2015-8467 - Denial of service attack against Windows Active
Directory server
CVE-2015-5330 - Remote memory read in Samba LDAP server

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-17 12:56:30 +01:00
Gustavo Zacarias
cd36c24093 samba4: bump to version 4.3.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-01 17:34:35 +01:00
Gustavo Zacarias
b44a384394 samba4: bump to version 4.3.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-20 16:35:16 +02:00
Gustavo Zacarias
c0090de3c9 samba: bump to version 4.3.0
New patch status: sent upstream.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-13 12:36:22 +02:00
Gustavo Zacarias
23269765c8 samba4: bump to version 4.2.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-14 16:00:24 +02:00
Alex Suykov
ae0d54ab77 samba4: install systemd files
The package comes with usable .service files for smbd, nmbd and
winbind, but does not install them.

[Thomas: use relative paths for the symbolic links.]

Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-05 16:10:52 +02:00
Gustavo Zacarias
eb1256c401 samba: bump to version 4.2.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-02 23:01:35 +02:00
Gustavo Zacarias
6ec8adc134 samba4: bump to version 4.2.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-16 07:48:15 +02:00
Gustavo Zacarias
6c47da8e7f samba4: install to staging
It's required for packages that need libsmbclient.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 23:50:17 +01:00
Gustavo Zacarias
e55cddfe9e samba4: specify ncurses-config
When ncurses wide is enabled samba doesn't automatically find the
appropiate ncurses-config script and finds the host variant (which is
non-widec) which leaks improper library directories into the build.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 12:38:45 +01:00
Gustavo Zacarias
123e8afbaa samba4: bump to version 4.2.0
Now with support for AD DC, ADS and clustering features.
All dropped patches are upstream.

[Thomas: move indentation fixes to a separate patch.]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 11:01:03 +01:00
Thomas Petazzoni
7152a50588 samba4: fix indentation
In preparation to the bump of samba4 to 4.2, let's re-indent the
samba4.mk to the usual Buildroot convention.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-06 11:00:43 +01:00
Gustavo Zacarias
d6c233b799 samba4: security bump to version 4.1.17
Fixes:
CVE-2015-0240 - Unexpected code execution in smbd.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-23 18:18:56 +01:00
Gustavo Zacarias
3ac6390abd samba4: security bump to version 4.1.16
Fixes CVE-2014-8143 - dsdb-samldb: Check for extended access rights
before we allow changes to userAccountControl.

Also rename patches to new naming convention.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-16 22:37:56 +01:00
Gustavo Zacarias
77a1d41b39 samba4: bump to version 4.1.15
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-12 12:31:41 +01:00
Gustavo Zacarias
af3d4b7d2a samba4: bump to version 4.1.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-01 20:07:57 +01:00
Gustavo Zacarias
ee3d2a60cf samba4: bump to version 4.1.13
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-24 23:44:26 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
3be20df68f samba4: bump to version 4.1.12
Also tweak library moves since uClibc doesn't do $ORIGIN and libreplace
is found that way now.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-09 23:03:27 +02:00
Gustavo Zacarias
a3b88f44af samba4: security update to 4.1.11
Fixes CVE-2014-3560 (Remote code execution in nmbd).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-03 10:17:06 +02:00
Gustavo Zacarias
3bcc4754c6 samba4: bump to version 4.1.10
Lots of bugfixes, enhancements to provisioning and printing support via
cups.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 20:07:24 +02:00
Gustavo Zacarias
3ba33f0cbb samba4: security bump to version 4.1.9
Fixes:
CVE-2014-0244 (Denial of service - CPU loop)
CVE-2014-3493 (Denial of service - Server crash/memory corruption)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-23 16:19:51 +02:00
Gustavo Zacarias
559973eccc samba4: security bump to version 4.1.8
Fixes CVE-2014-0178 (Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response)
and CVE-2014-0239 (dns: Don't reply to replies).
Patches 0001 and 0002 are now part of the 4.1.x release branch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-03 20:58:18 +02:00
Gustavo Zacarias
c94a543137 samba4: update to upstream patches
Update the package to use patches that have been applied upstream and
update their status comment accordingly.

f_fsid checks have been fixed via upstream patch that allows the cache
to work properly on the result.

Builtin heimdal tools can be worked around via the --bundled-libraries
option to disable those components (even if they are not libraries it
can be done that way).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-09 15:04:40 +02:00
Gustavo Zacarias
002aeba3de samba4: bump to version 4.1.7 and improve cross build
Bump to the latest 4.1.7 version and improve the cross-build logic.
With the new patches the build is basically architecture-agnostic making
it possible to ditch the arch-specific cache to use a generic one.
Some toolchains might not be too happy with samba4 because of bitrot,
hopefully we'll find and fix or blacklist those with autobuilder help.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-24 11:13:32 +02:00
Gustavo Zacarias
184f2976c4 samba4: security bump to version 4.1.6
Fixes CVE-2013-4496 and CVE-2013-6442.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-12 17:23:44 +01:00
Gustavo Zacarias
878c04b8cc samba4: fix readline support
Add automatic readline support since it's used when available.
Also add a patch to update to new-style typedefs that were removed from
readline 6.3 that causes build breakage. Fixes:
http://autobuild.buildroot.net/results/b13/b137c237ff6df81dd10f7895278d1f2f5d2326de/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-03-03 21:25:51 +01:00
Gustavo Zacarias
dee1cf0cdf samba4: new package
Samba 4.1.x uses the waf build system which isn't very cross-compile
friendly, and also some tests are formulated in a way that isn't
cross-build friendly either by needing to run them.

For this reason the samba4 build system includes a way to define
answers for many of the tests, but this support isn't complete
and some tests still want to be executed.

Samba 4.1.x also requires a proper answers file for each architecture,
and at the moment i've only tested for ARM and PowerPC so only those
architectures are supported to begin with. To add support for another
architecture basically copy one of the cache files to the proper name,
enable it in Config.in and adjust endianess and all of the "size of"
answers. I'm in the process of automating the sizeof and endianess
answers within the samba build system to make them cross friendly
to simplify the answers file to just one generic linux variant.
The 3.6.x branch is still security supported for the forseeable future.

I'm currently working with samba upstream to solve many of these
issues but this will probably happen with the yet unreleased
4.2 branch only.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-03-02 15:20:47 +01:00