| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.1.html
This is a security release in order to address the following defects:
CVE-2023-0225
CVE-2023-0922
CVE-2023-0614
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.18.0.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://www.samba.org/samba/history/samba-4.17.5.html
Drop 0007-waf-Fix-errors-with-Werror-implicit-function-declara.patch
as the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
With export PYTHONHASHSEED="1" there will be no need for patching samba and its related libs
So easier maintenance and a cleaner OE
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 4.14.x is EOL:
https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.17.x.
Release Notes:
https://www.samba.org/samba/history/samba-4.17.0.html
https://www.samba.org/samba/history/samba-4.17.4.html
* Refresh patches
* Update PACKAGECONFIG
* Split a new package ctdb
* Add a patch to skip checking PYTHONHASHSEED
* Drop the following patches as these issues have been fixed upstream:
0005-samba-build-dnsserver_common-code.patch
netdb_defines.patch
samba-fix-musl-lib-without-innetgr.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add a patch to avoid implicit-function-declaration warnings, they will
soon become errors with clang 15+
set path for privatelibdir
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test case tfork_cmd_send in smbtorture fails on target as it
requries a script located in the source directory:
$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send
test: tfork_cmd_send
/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh:
Failed to exec child - No such file or directory
This also triggers the buildpaths warning:
QA Issue: File /usr/bin/smbtorture in package samba-testsuite contains reference to TMPDIR [buildpaths]
Skip this test case in smbtorture to avoid the warning.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2022-2031: Samba AD users can bypass certain restrictions associated
with changing passwords.
https://www.samba.org/samba/security/CVE-2022-2031.html
CVE-2022-32744: Samba AD users can forge password change requests for
any user.
https://www.samba.org/samba/security/CVE-2022-32744.html
CVE-2022-32745: Samba AD users can crash the server process with an LDAP
add or modify request.
https://www.samba.org/samba/security/CVE-2022-32745.html
CVE-2022-32746: Samba AD users can induce a use-after-free in the server
process with an LDAP add or modify request.
https://www.samba.org/samba/security/CVE-2022-32746.html
CVE-2022-32742: Server memory information leak via SMB1.
https://www.samba.org/samba/security/CVE-2022-32742.html
Release Notes:
https://www.samba.org/samba/history/samba-4.14.14.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a bugfix release of the Samba 4.14 release series.
ChangeLog:
https://www.samba.org/samba/history/samba-4.14.13.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5.
Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16.
Signed-off-by: matsunaga-shinji <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fixes:
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \-
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
There have been a few regressions in the security release 4.14.10:
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds
initially adviced for 4.14.10 are no longer required and
should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is
adviced to have a look at the bug report for more detailed
information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
Changes since 4.14.10
---------------------
* BUG 14878: Recursive directory delete with veto files is broken.
* BUG 14879: A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory.
* BUG 14656: Spaces incorrectly collapsed in ldb attributes.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
deletable.
* BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk
* BUG 14922: Kerberos authentication on standalone server in MIT realm
broken.
* BUG 14923: Segmentation fault when joining the domain.
* BUG 14903: Support for ROLE_IPA_DC is incomplete.
* BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send.
* BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14694: Ensure that the LDB request has not timed out during filter
processing as the LDAP server MaxQueryDuration is otherwise not honoured.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Replace the configure tests UNKNOWN answers with the correct answers.
Then drop the related patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
$ python3
>>> import samba
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.10/site-packages/samba/__init__.py", line 28, in <module>
import ldb
ModuleNotFoundError: No module named 'ldb'
>>>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pyext_PATTERN will add native arch as suffix when cross compiling.
For example, on qemuarm64, it is expanded to:
pyext_PATTERN ='%s.cpython-310-x86_64-linux-gnu.so'
which will result in the incorrect library name.
root@qemuarm64:~# find /usr/lib -name \*cpython\*
/usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
/usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-samba4.so
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
/usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
/usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
[snip]
Set pyext_PATTERN to '%s.so' to remove the suffix.
After the patch:
root@qemuarm64:~# find /usr/lib/
/usr/lib/pkgconfig/samba-policy.pc
/usr/lib/libsamba-policy.so
/usr/lib/samba/libsamba-python-samba4.so
/usr/lib/samba/libsamba-net-samba4.so
/usr/lib/libsamba-policy.so.0
/usr/lib/libsamba-policy.so.0.0.1
/usr/lib/python3.10/site-packages/samba/dsdb_dns.so
/usr/lib/python3.10/site-packages/samba/dsdb.so
/usr/lib/python3.10/site-packages/samba/xattr_tdb.so
/usr/lib/python3.10/site-packages/samba/_ldb.so
/usr/lib/python3.10/site-packages/samba/gensec.so
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
issued by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
Kerberos tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
CVE-2020-25721: Kerberos acceptors need easy access to stable AD
identifiers (eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
See: https://www.samba.org/samba/history/samba-4.14.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release notes:
https://www.samba.org/samba/history/samba-4.14.8.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Fixes
Checking for program 'pkg-config' : not found
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://www.samba.org/samba/history/samba-4.14.7.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add libparse-yapp-perl to RDEPENDS for pidl.
Fixes:
$ pidl
Can't locate Parse/Yapp/Driver.pm in @INC (you may need to install the Parse::Yapp::Driver module)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The shebang in pidl points to wrong location:
$ pidl
-sh: /usr/bin/pidl: /buildarea/build/tmp-glibc/hosttools/env: bad interpreter: No such file or directory
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
We're not living in a perfect world so avoid build failures like:
ERROR: samba-4.14.5-r0 do_package_qa: QA Issue: samba-pidl contains perllocal.pod (/usr/lib/perl5/5.34.0/x86_64-linux/perllocal.pod), should not be installed [perllocalpod]
ERROR: samba-4.14.5-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Error Message:
Problem: conflicting requests
- nothing provides samba-pidl needed by samba-client-4.14.5-r0.aarch64
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This affects only on HP NonStop Server, so add it to allowlist.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://www.samba.org/samba/history/samba-4.14.5.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This fails on cross-compilation for musl and clang.
Fixes configure error:
Checking whether fcntl supports setting/geting hints: UNKNOWN
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are some options are deprecated in smb.conf.
Refer to
https://salsa.debian.org/samba-team/samba/-/blob/master/debian/smb.conf
to update it.
* Remove the deprecated "syslog only" and "syslog" global options and
replace them with the "logging" statement.
* Remove wins support and wins server comments since WINS protocol is
outdated.
* Improve idmap config
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 4.10.x is EOL: https://wiki.samba.org/index.php/Samba_Release_Planning
Upgrade to latest 4.14.x.
Remove PACKAGECONFIG[gnutls] since the gnutls is now the mandatory
requirement for samba. See:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Mandatory
Refresh patches:
16-do-not-check-xsltproc-manpages.patch
20-do-not-import-target-module-while-cross-compile.patch
21-add-config-option-without-valgrind.patch
0001-Add-options-to-configure-the-use-of-libbsd.patch
dnsserver-4.7.0.patch
iconv-4.7.0.patch
0001-samba-fix-musl-lib-without-innetgr.patch
Drop patches:
0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
0001-waf-add-support-of-cross_compile.patch
0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
CVE-2020-14318.patch
CVE-2020-14383.patch
glibc_only.patch
smb_conf-4.7.0.patch
Add new patches:
0007-wscript_configure_system_gnutls-disable-check-gnutls.patch
0008-source3-wscript-disable-check-fcntl-F_OWNER_EX.patch
source3-wscript-disable-check-fcntl-RW_HINTS.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM
Correct the checksums where they were wrong
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is security release in order to address CVE-2020-1472
(Unauthenticated domain takeover via netlogon ("ZeroLogon")).
See: https://www.samba.org/samba/history/samba-4.10.18.html
Also remove 3 backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
This is seen with glibc 2.32 where these names are also defined
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a security release in order to address the following defects:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://www.samba.org/samba/history/samba-4.10.13.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
See: https://www.samba.org/samba/history/samba-4.10.11.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Guest accounts for Samba are a known potential vulnerability
(see https://www.tenable.com/plugins/nessus/26919) where info
about the host can be obtained without proper access. The option
"map to guest = bad user" allows login attempts with usernames
that don't exist to map to the guest account, while the
"restrict anonymous" value (implicitly set to 0 before this patch)
would allow any queries to obtain user and group list information.
Raise the default security level by setting "restrict anonymous"
to "1" and "map to guest" to "never" to avoid providing user/group
info to unauthenticated users and reject login attempts with an
invalid password, respectively.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
fix wrong shebang "#!/usr/bin/env python3/"
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Avoid warning due to the class rename in OE-Core.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
CVE-2019-10218: Client code can return filenames containing path
separators.
CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
See: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
