From patchwork Sat Oct 8 17:55:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 6052 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4MlCXJ2Zfxz3wfW for ; Sat, 8 Oct 2022 17:56:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4MlCXG07pJz208; Sat, 8 Oct 2022 17:55:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4MlCXF5dHrz2yTq; Sat, 8 Oct 2022 17:55:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4MlCXC4Qtkz2xK9 for ; Sat, 8 Oct 2022 17:55:55 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4MlCXB4Gn4zd9 for ; Sat, 8 Oct 2022 17:55:54 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1665251754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qVcfg1sO/1eW/8lq1mBUo92m147h6WnIXc1RkQnUe58=; b=BVncmxgCIeY7o/bgYoX5RUZJ8riOa/M3inylCMD+yyryAqjl/LXGoUcbGeaMx/tZtxEnfi 07jF9NEkvMuPMiAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1665251754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qVcfg1sO/1eW/8lq1mBUo92m147h6WnIXc1RkQnUe58=; b=FOgpcFdAt25sdg2L0JZEcjcTcpC9RGbmCWRMfAAOnXAmjcwIdqsPiHHyRWi54ir+s/zXse 4Ny3nL6ADD16RJ1a0Bid5cOp1wxOP/ZGn6+c8UHr4xcIVkLDYWb7K0p0zUl0s4KWzh+5DT 0MJTFThXC22wqW64WncsLWN29G3LEuBzHc+lucSWd3WO1kzRxgvlAcNRzkBGlQBzUA0BAy oVAvvGMnEUYtlN2esN+xcvXysIjNyIhcKF3yFm+Y+fufu1n69zZxiHoIDaqu+f4h6V0w6T WjH9vzA+byt1yxf8MGiPTW2JpqmC3xmcRObfMyOcOFWH2UNum1nqTAXsoKbKjg== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] samba: Update to 4.17.0 Date: Sat, 8 Oct 2022 19:55:47 +0200 Message-Id: <20221008175547.3024889-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For details see: https://www.samba.org/samba/latest_news.html#4.17.0 This "just came my way" and I found the CVEs listed on https://www.samba.org/samba/history/security.html which address "All versions of Samba prior to 4.16.4" or "All versions of Samba" rather long. The 'glibc_headers' patch is now included. Sad to say, due to the lack of hardware I can only include the rootfile for x86_64. Signed-off-by: Matthias Fischer --- config/rootfiles/packages/x86_64/samba | 59 ++++++++++++------- lfs/samba | 7 +-- src/patches/samba-4.16.4-glibc-headers.patch | 62 -------------------- 3 files changed, 40 insertions(+), 88 deletions(-) delete mode 100644 src/patches/samba-4.16.4-glibc-headers.patch diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index 66b210a08..2d8f0ae0d 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -154,8 +154,8 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.2 -usr/lib/libndr.so.2.0.0 +usr/lib/libndr.so.3 +usr/lib/libndr.so.3.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 @@ -166,6 +166,7 @@ usr/lib/libsamba-credentials.so.1 usr/lib/libsamba-credentials.so.1.0.0 usr/lib/libsamba-errors.so usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-errors.so.1.0.0 usr/lib/libsamba-hostconfig.so usr/lib/libsamba-hostconfig.so.0 usr/lib/libsamba-hostconfig.so.0.0.1 @@ -282,13 +283,31 @@ usr/lib/python3.10/site-packages/samba/emulate/traffic_packets.py usr/lib/python3.10/site-packages/samba/forest_update.py usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/getopt.py -usr/lib/python3.10/site-packages/samba/gp_cert_auto_enroll_ext.py -usr/lib/python3.10/site-packages/samba/gp_chromium_ext.py -usr/lib/python3.10/site-packages/samba/gp_ext_loader.py -usr/lib/python3.10/site-packages/samba/gp_firefox_ext.py -usr/lib/python3.10/site-packages/samba/gp_firewalld_ext.py -usr/lib/python3.10/site-packages/samba/gp_gnome_settings_ext.py -usr/lib/python3.10/site-packages/samba/gp_msgs_ext.py +usr/lib/python3.10/site-packages/samba/gp +usr/lib/python3.10/site-packages/samba/gp/gp_centrify_crontab_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_centrify_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_cert_auto_enroll_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_chromium_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_ext_loader.py +usr/lib/python3.10/site-packages/samba/gp/gp_firefox_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_firewalld_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_gnome_settings_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_msgs_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_scripts_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_sec_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_smb_conf_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/gpclass.py +usr/lib/python3.10/site-packages/samba/gp/util +usr/lib/python3.10/site-packages/samba/gp/util/logging.py +usr/lib/python3.10/site-packages/samba/gp/vgp_access_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_files_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_issue_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_motd_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_openssh_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_startup_scripts_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_symlink_ext.py #usr/lib/python3.10/site-packages/samba/gp_parse usr/lib/python3.10/site-packages/samba/gp_parse/__init__.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_aas.py @@ -296,11 +315,6 @@ usr/lib/python3.10/site-packages/samba/gp_parse/gp_csv.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_inf.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_ini.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_pol.py -usr/lib/python3.10/site-packages/samba/gp_scripts_ext.py -usr/lib/python3.10/site-packages/samba/gp_sec_ext.py -usr/lib/python3.10/site-packages/samba/gp_smb_conf_ext.py -usr/lib/python3.10/site-packages/samba/gp_sudoers_ext.py -usr/lib/python3.10/site-packages/samba/gpclass.py usr/lib/python3.10/site-packages/samba/gpo.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/graph.py usr/lib/python3.10/site-packages/samba/hostconfig.py @@ -375,12 +389,14 @@ usr/lib/python3.10/site-packages/samba/samba3/libsmb_samba_internal.py usr/lib/python3.10/site-packages/samba/samba3/mdscli.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/param.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/passdb.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/samba/samba3/smbconf.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/smbd.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samdb.py usr/lib/python3.10/site-packages/samba/schema.py usr/lib/python3.10/site-packages/samba/sd_utils.py usr/lib/python3.10/site-packages/samba/security.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/sites.py +usr/lib/python3.10/site-packages/samba/smbconf.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/subnets.py #usr/lib/python3.10/site-packages/samba/subunit usr/lib/python3.10/site-packages/samba/subunit/__init__.py @@ -407,6 +423,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_dns.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_json.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/samba_dnsupdate.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls.py @@ -498,7 +515,9 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/protected_users_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/raw_testcase.py #usr/lib/python3.10/site-packages/samba/tests/krb5/rfc4120_constants.py #usr/lib/python3.10/site-packages/samba/tests/krb5/rfc4120_pyasn1.py @@ -521,6 +540,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/ldap_upn_sam_account.py #usr/lib/python3.10/site-packages/samba/tests/libsmb.py #usr/lib/python3.10/site-packages/samba/tests/loadparm.py +#usr/lib/python3.10/site-packages/samba/tests/logfiles.py #usr/lib/python3.10/site-packages/samba/tests/lsa_string.py #usr/lib/python3.10/site-packages/samba/tests/messaging.py #usr/lib/python3.10/site-packages/samba/tests/ndr.py @@ -537,6 +557,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/ntlmdisabled.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.10/site-packages/samba/tests/pam_winbind_setcred.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py #usr/lib/python3.10/site-packages/samba/tests/param.py #usr/lib/python3.10/site-packages/samba/tests/password_hash.py @@ -606,8 +627,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/sddl.py #usr/lib/python3.10/site-packages/samba/tests/security.py #usr/lib/python3.10/site-packages/samba/tests/segfault.py +#usr/lib/python3.10/site-packages/samba/tests/sid_strings.py #usr/lib/python3.10/site-packages/samba/tests/smb-notify.py #usr/lib/python3.10/site-packages/samba/tests/smb.py +#usr/lib/python3.10/site-packages/samba/tests/smbconf.py #usr/lib/python3.10/site-packages/samba/tests/smbd_base.py #usr/lib/python3.10/site-packages/samba/tests/smbd_fuzztest.py #usr/lib/python3.10/site-packages/samba/tests/source.py @@ -624,14 +647,6 @@ usr/lib/python3.10/site-packages/samba/trust_utils.py usr/lib/python3.10/site-packages/samba/upgrade.py usr/lib/python3.10/site-packages/samba/upgradehelpers.py usr/lib/python3.10/site-packages/samba/uptodateness.py -usr/lib/python3.10/site-packages/samba/vgp_access_ext.py -usr/lib/python3.10/site-packages/samba/vgp_files_ext.py -usr/lib/python3.10/site-packages/samba/vgp_issue_ext.py -usr/lib/python3.10/site-packages/samba/vgp_motd_ext.py -usr/lib/python3.10/site-packages/samba/vgp_openssh_ext.py -usr/lib/python3.10/site-packages/samba/vgp_startup_scripts_ext.py -usr/lib/python3.10/site-packages/samba/vgp_sudoers_ext.py -usr/lib/python3.10/site-packages/samba/vgp_symlink_ext.py usr/lib/python3.10/site-packages/samba/werror.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/xattr.py usr/lib/python3.10/site-packages/samba/xattr_native.cpython-310-x86_64-linux-gnu.so diff --git a/lfs/samba b/lfs/samba index 67ebebc2f..f743bfa30 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.16.4 +VER = 4.17.0 SUMMARY = A SMB/CIFS File, Print, and Authentication Server THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 87 +PAK_VER = 88 DEPS = avahi cups libtirpc perl-Parse-Yapp perl-JSON @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e685511a76770272cabd1292f36d2b005e2d21212e4782cdf4fd05039f7667b35501873cffa9a53547d523805b2a91ffeba0881aaee905304968c42efef22dfa +$(DL_FILE)_BLAKE2 = d05b17748092bc151b0b627156b1da4a8b30b603569adcef376640745425321617a755add41315af0b38876344323a20185063e131c342c9b6fdcb9542be73f1 install : $(TARGET) @@ -80,7 +80,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba-4.16.4-glibc-headers.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/usr/lib/ \ diff --git a/src/patches/samba-4.16.4-glibc-headers.patch b/src/patches/samba-4.16.4-glibc-headers.patch deleted file mode 100644 index 8c75a4172..000000000 --- a/src/patches/samba-4.16.4-glibc-headers.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 766151bf5b7ef95ae4c8c98b8994e5c21c5bbec0 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Tue, 2 Aug 2022 07:55:46 +0200 -Subject: [PATCH] lib:replace: Only include on non-Linux systems -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -Details at: -https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132 - -Signed-off-by: Andreas Schneider -Reviewed-by: Ralph Boehme - -Autobuild-User(master): Ralph Böhme -Autobuild-Date(master): Tue Aug 2 11:05:14 UTC 2022 on sn-devel-184 ---- - lib/replace/system/filesys.h | 4 +++- - lib/replace/wscript | 3 +++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h -index 034e5d5886c..bb9482c69af 100644 ---- a/lib/replace/system/filesys.h -+++ b/lib/replace/system/filesys.h -@@ -36,7 +36,8 @@ - #include - #endif - --#ifdef HAVE_SYS_MOUNT_H -+/* This include is required on UNIX (*BSD, AIX, ...) for statfs() */ -+#if !defined(LINUX) && defined(HAVE_SYS_MOUNT_H) - #include - #endif - -@@ -44,6 +45,7 @@ - #include - #endif - -+/* This include is required on Linux for statfs() */ - #ifdef HAVE_SYS_VFS_H - #include - #endif -diff --git a/lib/replace/wscript b/lib/replace/wscript -index 4c774d9f0c3..dd9b19219a1 100644 ---- a/lib/replace/wscript -+++ b/lib/replace/wscript -@@ -31,6 +31,9 @@ def configure(conf): - - conf.env.standalone_replace = conf.IN_LAUNCH_DIR() - -+ if sys.platform.rfind('linux') > -1: -+ conf.DEFINE('LINUX', '1') -+ - conf.DEFINE('BOOL_DEFINED', 1) - conf.DEFINE('HAVE_LIBREPLACE', 1) - conf.DEFINE('LIBREPLACE_NETWORK_CHECKS', 1) --- -2.30.2 -