summaryrefslogtreecommitdiffstats
path: root/package/samba4
Commit message (Collapse)AuthorAgeFilesLines
...
* package/samba4: Change tmpfiles pathMaxime Hadjinlian2016-07-021-2/+2
| | | | | | | | | | | | | | | | | Per the documentation: https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html The order of path by priorites is: /etc/tmpfiles.d/*.conf /run/tmpfiles.d/*.conf /usr/lib/tmpfiles.d/*.conf For the user to be able to override our tmpfiles easily, it's better to place our files in /usr/lib/tmpfiles.d/ Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.4.4Gustavo Zacarias2016-06-082-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Merge branch 'next'Peter Korsgaard2016-06-011-10/+0
|\ | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * samba4: remove compilation of .pyc filesThomas Petazzoni2016-05-261-10/+0
| | | | | | | | | | | | | | | | | | Now that .py files are globally compiled into .pyc files, we can get rid of the samba4 specific logic doing this compilation. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | package/samba4: create tempfile with systemdYann E. MORIN2016-05-161-0/+3
|/ | | | | | | | | | | | | | | | | | With systemd, samba4 will need some special temporary files to be created on each boot, as explained in: packaging/systemd/README Install the provided template file as configuration. However, this is not enough, as even the log directory is a tmpfs in the default Buildroot configuration, so we must also create the log directory on each boot. Hence we append this to the template installed above. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: bump to version 4.4.3Gustavo Zacarias2016-05-022-2/+2
| | | | | | | Fixes a few regressions from the previous security bump. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: security bump to version 4.4.2Gustavo Zacarias2016-04-122-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2016-2118 - A man in the middle can intercept any DCERPC traffic between a client and a server in order toimpersonate the client and get the same privileges as the authenticated user account. CVE-2016-2115 - The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. Samba doesn't enforce SMB signing for this kind of SMB connections by default, which makes man in the middle attacks possible. CVE-2016-2114 - Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured. CVE-2016-2113 - Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://). CVE-2016-2112 - A man in the middle is able to downgrade LDAP connections to no integrity protection. It's possible to attack client and server with this. CVE-2016-2111 - When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic. CVE-2016-2110 - The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. CVE-2015-5370 - Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: drop --with-gettext configure optionGustavo Zacarias2016-03-251-1/+0
| | | | | | | | | The --with-gettext=X configure option was silently dropped from the 4.4.0 release and it errors out since it's unknown. Fixes: http://autobuild.buildroot.net/results/3c0/3c0800fd6cc7a217a866cd9cf63d5f91dcbfd306/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: bump to version 4.4.0Gustavo Zacarias2016-03-243-65/+3
| | | | | | | | | | libaio support is now automatic so drop the enable/disable (it will fall back to pthread aio if libaio is not present). 0002-build-improve-stack-protector-check.patch is upstream so remove it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: add host-python to dependenciesGustavo Zacarias2016-03-161-1/+3
| | | | | | | | | | | | Even though it's inherited by the python dependency it's more clear this way for graph-depends, since it's used by the waf buildsystem. And even though we have a hard dependency on python for the distro this python could ostensibly be 3.x which isn't compatible with the bundled waf series (1.5.x) in samba (as of current shipping version and upcoming 4.4.x series). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba: remove deprecatedGustavo Zacarias2016-03-151-1/+0
| | | | | | | | It's been deprecated for a year now so remove it. [Peter: drop !samba dependency from samba4] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: security bump to version 4.3.6Gustavo Zacarias2016-03-082-2/+2
| | | | | | | | | | | Fixes: CVE-2015-7560 - Authenticated client could cause Samba to overwrite ACLs with incorrect owner/group. CVE-2016-0771 - Malicious request can cause the Samba internal DNS server to crash or unintentionally return uninitialized memory. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Merge branch 'next'Peter Korsgaard2016-03-022-2/+2
|\ | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * samba4: bump to version 4.3.5Gustavo Zacarias2016-02-232-2/+2
| | | | | | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* | samba4: add optional libbsd dependencyGustavo Zacarias2016-02-131-0/+1
|/ | | | | | | | | It's used for some small functions like md5 support, non-essential since samba has an internal fallback for those, but still add it for predictability. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: add dependency on BR2_TOOLCHAIN_HAS_SYNC_4Thomas Petazzoni2016-02-061-0/+2
| | | | | | | | | | | | samba4 uses the __sync_fetch_and_add_4() atomic built-in, so it should depend on BR2_TOOLCHAIN_HAS_SYNC_4 in order to avoid build failures on architectures not providing this atomic built-in. Fixes: http://autobuild.buildroot.org/results/0d0fd9d2a132a40a840bea5df59c35d8573ebf45/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: remove dependency on specific C librariesThomas Petazzoni2016-02-011-5/+2
| | | | | | | | | | | | | | | | | | | | samba4 relies on the $ORIGIN feature of the dynamic linker, which used to not be implemented in old uClibc versions. However: - this feature is supported by glibc - this feature is supported by uClibc-ng, which is the only uClibc version we are going to support - this feature is supported by musl Consequently, we can completely remove the dependency of samba4 on certain C libraries. Note that despite this commit, samba4 still cannot be chosen when the musl C library is used, because samba4 requires native RPC support, which musl doesn't provide. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: bump to version 4.3.4Gustavo Zacarias2016-01-122-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: security bump to version 4.3.3Gustavo Zacarias2015-12-172-2/+2
| | | | | | | | | | | | | | | | Fixes: CVE-2015-7540 - Remote DoS in Samba (AD) LDAP server CVE-2015-3223 - Denial of service in Samba Active Directory server CVE-2015-5252 - Insufficient symlink verification in smbd) CVE-2015-5299 - Missing access control check in shadow copy code CVE-2015-5296 - Samba client requesting encryption vulnerable to downgrade attack CVE-2015-8467 - Denial of service attack against Windows Active Directory server CVE-2015-5330 - Remote memory read in Samba LDAP server Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.3.2Gustavo Zacarias2015-12-012-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.3.1Gustavo Zacarias2015-10-202-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: Replace 'echo -n' by 'printf'Maxime Hadjinlian2015-10-041-5/+5
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba: bump to version 4.3.0Gustavo Zacarias2015-09-133-3/+59
| | | | | | | | | New patch status: sent upstream. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.2.3Gustavo Zacarias2015-07-142-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: install systemd filesAlex Suykov2015-07-051-0/+16
| | | | | | | | | | The package comes with usable .service files for smbd, nmbd and winbind, but does not install them. [Thomas: use relative paths for the symbolic links.] Signed-off-by: Alex Suykov <alex.suykov@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: propagate python dependenciesBaruch Siach2015-06-081-3/+6
| | | | | | | | | | Fix the toolchain dependencies comment condition while at it. Fixes: http://autobuild.buildroot.net/results/e32/e32b85728a84bfea741709eabcc6d4a7af0b41a1/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: enable for uclibc-ngGustavo Zacarias2015-06-021-3/+9
| | | | | | | | uClibc-ng has the required functionality for samba 4.2.x without the need for any special tricks. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba: bump to version 4.2.2Gustavo Zacarias2015-06-022-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: bump to version 4.2.1Gustavo Zacarias2015-04-163-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: install to stagingGustavo Zacarias2015-03-061-0/+5
| | | | | | | It's required for packages that need libsmbclient. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: specify ncurses-configGustavo Zacarias2015-03-061-0/+1
| | | | | | | | | When ncurses wide is enabled samba doesn't automatically find the appropiate ncurses-config script and finds the host variant (which is non-widec) which leaks improper library directories into the build. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.2.0Gustavo Zacarias2015-03-0610-453/+63
| | | | | | | | | | Now with support for AD DC, ADS and clustering features. All dropped patches are upstream. [Thomas: move indentation fixes to a separate patch.] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: fix indentationThomas Petazzoni2015-03-061-24/+24
| | | | | | | In preparation to the bump of samba4 to 4.2, let's re-indent the samba4.mk to the usual Buildroot convention. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Merge branch 'next'Peter Korsgaard2015-03-021-1/+0
|\ | | | | | | Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * packages: all salute the passing of avr32Yann E. MORIN2015-02-141-1/+0
| | | | | | | | | | Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | samba4: security bump to version 4.1.17Gustavo Zacarias2015-02-232-2/+2
|/ | | | | | | | Fixes: CVE-2015-0240 - Unexpected code execution in smbd. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: security bump to version 4.1.16Gustavo Zacarias2015-01-169-2/+2
| | | | | | | | | | Fixes CVE-2014-8143 - dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl. Also rename patches to new naming convention. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.1.15Gustavo Zacarias2015-01-122-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.1.14Gustavo Zacarias2014-12-012-2/+2
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* sysv init scripts: fix == bashismAndré Erdmann2014-11-111-5/+5
| | | | | | | | | | | | | | | | | test a == b is not available in e.g. dash. Command(s) used for editing: q=\[\"\'\] operand="${q}?[$]?[a-zA-Z0-9_\?]+${q}?" ## doesn't detect ${VAR} test_expr="(\[\s+${operand}\s+)==(\s+${operand}\s+\])" find . -type f -name '[SK][0-9][0-9]*' | \ xargs sed -r -e "s@${test_expr}@\1=\2@g" -i Signed-off-by: André Erdmann <dywi@mailerd.de> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: bump to version 4.1.13Gustavo Zacarias2014-10-242-1/+3
| | | | | | | Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSThomas De Schampheleire2014-10-041-16/+16
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.1.12Gustavo Zacarias2014-09-091-5/+7
| | | | | | | | Also tweak library moves since uClibc doesn't do $ORIGIN and libreplace is found that way now. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: add comment mmu dependsGustavo Zacarias2014-08-041-0/+1
| | | | | | | | Otherwise it shows up indirectly when toolchain options aren't enough and then vanishes when they are fulfilled. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: security update to 4.1.11Gustavo Zacarias2014-08-031-1/+1
| | | | | | | Fixes CVE-2014-3560 (Remote code execution in nmbd). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: bump to version 4.1.10Gustavo Zacarias2014-07-311-2/+20
| | | | | | | | Lots of bugfixes, enhancements to provisioning and printing support via cups. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* samba4: security bump to version 4.1.9Gustavo Zacarias2014-06-231-1/+1
| | | | | | | | | Fixes: CVE-2014-0244 (Denial of service - CPU loop) CVE-2014-3493 (Denial of service - Server crash/memory corruption) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: security bump to version 4.1.8Gustavo Zacarias2014-06-033-105/+1
| | | | | | | | | Fixes CVE-2014-0178 (Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response) and CVE-2014-0239 (dns: Don't reply to replies). Patches 0001 and 0002 are now part of the 4.1.x release branch. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/samba{,4}: disable on nios2Yann E. MORIN2014-05-231-0/+1
| | | | | | | | | | | | | | | samba produces particularly large binaries, and the relocations needed for it do not fit in the possible relocation mechanisms available on nios2. Since samba is very unlikely to be used on nios2, let's just disable it, as we've done for AVR32. Fixes: http://autobuild.buildroot.net/results/7b9/7b9dcb537f98714fe57fe384ecbb49bd9ae52aee/ Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* samba4: disable libbsd supportGustavo Zacarias2014-05-191-0/+26
| | | | | | | | | There's a symbol conflict between regular (POSIX) link(2) and the BSD variant for builtin heimdal when libbsd is around and used. Fixes: http://autobuild.buildroot.net/results/657/65726ceccbc2d8fa24e178ea66cd44703768bc95/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud