kumquat-buildroot/package/samba4/0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch
Bernd Kuhls 2dd2df43db package/samba4: security bump version to 4.11.4
Version 4.11.3 fixes

CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
                management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
                transition on Samba AD DC.

Changelog:
https://www.samba.org/samba/history/samba-4.11.3.html
https://www.samba.org/samba/history/samba-4.11.4.html

Removed patches applied upstream, rebased patch 0002.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-01-04 16:21:41 +01:00

87 lines
3.4 KiB
Diff

From e002d2ef2688d5433d2bd03aa4d77a0ec5ac4e63 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri@samba.org>
Date: Sun, 20 Oct 2019 00:03:14 +0300
Subject: [PATCH] build: find pre-built heimdal build tools in case of embedded
heimdal
This patch fixes the case of finding asn1_compile and compile_et for
building embedded heimdal, by setting
--bundled-libraries='!asn1_compile,!compile_et' as configure flags.
The Heimdal build tools compile_et and asn1_compile are needed *only*
if we use the embedded heimdal (otherwise we don't build heimdal and
use headers that have been generated by those tools elsewhere).
For cross-compilation with embedded heimdal, it is vital to use host build
tools, and so asn1_compile and compile_et must be supplied and not
built. One way of doing this would be to set the COMPILE_ET and
ASN1_COMPILE env vars to the location of supplied binaries. Another way,
which is more commonly used, is to exclude asn1_compile and compile_et
from bundled packages via the switch
-bundled-libraries='!asn1_compile,!compile_et'. When this is done,
the build script searches the path for those tools and sets the
ASN1_COMPILE and COMPILE_ET vars accordingly. (this is admittedly
kind of a round-about way of doing things but this has become the
de-facto standard amongst embedded distro builders).
In commit 8061983d4882f3ba3f12da71443b035d7b672eec, this process of
finding the binaris has been moved to be carried out only in the
system heimdal case. As explained above, we only need these tools,
and hence the check, in bundled mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14164
Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
wscript_configure_embedded_heimdal | 11 +++++++++++
wscript_configure_system_heimdal | 11 -----------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/wscript_configure_embedded_heimdal b/wscript_configure_embedded_heimdal
index 8c55ae2a938..4fdae8062c5 100644
--- a/wscript_configure_embedded_heimdal
+++ b/wscript_configure_embedded_heimdal
@@ -1 +1,12 @@
conf.RECURSE('source4/heimdal_build')
+
+def check_system_heimdal_binary(name):
+ if conf.LIB_MAY_BE_BUNDLED(name):
+ return False
+ if not conf.find_program(name, var=name.upper()):
+ return False
+ conf.define('USING_SYSTEM_%s' % name.upper(), 1)
+ return True
+
+check_system_heimdal_binary("compile_et")
+check_system_heimdal_binary("asn1_compile")
diff --git a/wscript_configure_system_heimdal b/wscript_configure_system_heimdal
index 0ff6dad2f55..f77c177442f 100644
--- a/wscript_configure_system_heimdal
+++ b/wscript_configure_system_heimdal
@@ -36,14 +36,6 @@ def check_system_heimdal_lib(name, functions='', headers='', onlyif=None):
conf.define('USING_SYSTEM_%s' % name.upper(), 1)
return True
-def check_system_heimdal_binary(name):
- if conf.LIB_MAY_BE_BUNDLED(name):
- return False
- if not conf.find_program(name, var=name.upper()):
- return False
- conf.define('USING_SYSTEM_%s' % name.upper(), 1)
- return True
-
check_system_heimdal_lib("com_err", "com_right_r com_err", "com_err.h")
if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
@@ -88,7 +88,4 @@
#if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
# conf.define('USING_SYSTEM_TOMMATH', 1)
-check_system_heimdal_binary("compile_et")
-check_system_heimdal_binary("asn1_compile")
-
conf.define('USING_SYSTEM_KRB5', 1)
--
2.20.1