8941d02bf1
Added patch from Gentoo to fix uClibc build: access.c:(.text+0x1e8): undefined reference to `innetgr' Release notes: https://www.samba.org/samba/history/samba-4.15.8.html https://www.samba.org/samba/history/samba-4.15.9.html o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html https://www.samba.org/samba/history/samba-4.15.10.html https://www.samba.org/samba/history/samba-4.15.11.html o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
# Gentoo bug 855047
|
|
|
|
Fixes uClibc build when uClibc was build without netgroup support.
|
|
Upstream enables netgroup support based on getdomainname() being
|
|
present:
|
|
https://github.com/samba-team/samba/commit/f179184a2be2ddd38f463fcc12252f8d24e529f8#diff-b8d1bc25b89846e70ecb61cb296a8f5c50c9a0a1b62e46790fae81aa9d5bfaaeR632
|
|
|
|
Downloaded from
|
|
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-fs/samba/files/samba-4.16.2-fix-musl-without-innetgr.patch
|
|
|
|
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
|
|
|
--- a/lib/util/access.c
|
|
+++ b/lib/util/access.c
|
|
@@ -115,7 +115,7 @@ static bool string_match(const char *tok,const char *s)
|
|
return true;
|
|
}
|
|
} else if (tok[0] == '@') { /* netgroup: look it up */
|
|
-#ifdef HAVE_NETGROUP
|
|
+#if defined(HAVE_NETGROUP) && defined(HAVE_INNETGR)
|
|
DATA_BLOB tmp;
|
|
char *mydomain = NULL;
|
|
char *hostname = NULL;
|
|
--- a/source3/auth/user_util.c
|
|
+++ b/source3/auth/user_util.c
|
|
@@ -135,7 +135,7 @@ static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char
|
|
|
|
bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
|
|
{
|
|
-#ifdef HAVE_NETGROUP
|
|
+#if defined(HAVE_NETGROUP) && defined(HAVE_INNETGR)
|
|
char nis_domain_buf[256];
|
|
const char *nis_domain = NULL;
|
|
char *lowercase_user = NULL;
|