buildroot/package/samba4, branch 2019.02-op-buildOpenPOWER buildroot sourceshttps://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build2019-03-25T21:23:19+00:00package/samba4: security bump to version 4.9.52019-03-25T21:23:19+00:00Bernd Kuhlsbernd.kuhls@t-online.de2019-03-15T17:59:58+00:00urn:sha1:59f9971694acd60fcda11f5ea731fd05e99daba1
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html
Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7d67faac5be820b1c8019eb249adf8765d4cf42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4: security bump to version 4.9.42019-01-27T09:46:21+00:00Bernd Kuhlsbernd.kuhls@t-online.de2019-01-26T09:48:52+00:00urn:sha1:3cf46525b943b3844020f41d4271aee8b0083ec1
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
samba4: security bump to version 4.9.32018-11-29T14:48:30+00:00Peter Korsgaardpeter@korsgaard.com2018-11-29T09:21:45+00:00urn:sha1:0839e4a85e929c0faa30ee7a5e9d8ac74b9d04ab
Fixes the following security vulnerabilities:
- CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
- CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
- CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.3.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4: fix install of systemd files2018-11-25T08:37:07+00:00Fabrice Fontainefontaine.fabrice@gmail.com2018-11-24T20:12:41+00:00urn:sha1:ea5280b889782e28b6bdf43e28b0e6a3a610f921
Since version 4.8.0 and
https://github.com/samba-team/samba/commit/080d590de1ff9f8ebc55aeffaea8d41991466549,
the systemd files (nmd.service, ...) are not available in packaging/systemd
Indeed, they are built in bin/default/packaging/systemd
So use the new --systemd-install-services configure option to install
these files
Fixes:
- http://autobuild.buildroot.org/results/a09a065c523931c1892e81a99c57521fbe095d8b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/samba4: bump version to 4.9.22018-11-08T21:17:20+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-11-08T20:33:56+00:00urn:sha1:3c85e9044b32a8ddcf01c499d23c82aa82c90ca1
Release notes: https://www.samba.org/samba/history/samba-4.9.2.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4: Fix uClibc build on 64bit platforms by including stdint.h, updated for 4.9.12018-10-03T07:37:59+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-10-01T13:55:49+00:00urn:sha1:7b0ec4460eaa008638fd26f7786961b16959a4e7
Fixes
http://autobuild.buildroot.net/results/68f/68f3fb75ba8a2f138e9c3f37b2681b81441e2cd9/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4: bump version to 4.9.12018-09-30T08:37:25+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-09-30T08:01:39+00:00urn:sha1:cecabf597cce2fe53f87f9d7b336756025af510e
Release notes: https://www.samba.org/samba/history/samba-4.9.1.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4: bump version to 4.9.02018-09-16T13:11:45+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-09-15T18:16:30+00:00urn:sha1:19544fc3aa46c1276445a6a04c948f8fac20dcdd
Release notes: https://www.samba.org/samba/history/samba-4.9.0.html
Added optional dependency to libarchive to fix configure error:
Checking for libarchive existence
Checking for header archive.h : no
/home/buildroot/br5/output/build/samba4-4.9.0/source3/wscript:225:
error: libarchive support not found. Try installing libarchive-dev or
libarchive-devel. Otherwise, use --without-libarchive to build without
libarchive support. libarchive support is required for the smbclient
tar-file mode
Disabled gpgme support to fix configure error:
Checking for program gpgme-config : not found
Checking for library gpgme : not found
Checking for gpgme_new : not found
/home/buildroot/br5/output/build/samba4-4.9.0/source4/dsdb/samdb/ldb_modules/wscript:40:
error: GPGME support not found. Try installing libgpgme11-dev or
gpgme-devel and python-gpgme. Otherwise, use --without-gpgme to build
without GPGME support or --without-ad-dc to build without the Samba AD
DC. GPGME support is required for the GPG encrypted password sync
feature
Buildroot has no python-gpgme package atm so we disable this option
for now.
Disabled experimental LMDB LDB backend as well, this also needed an
addition to samba4-cache.txt.
AD DC support needs jansson, for details see release notes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/samba4: bump version to 4.8.52018-08-24T21:04:53+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-08-24T16:27:44+00:00urn:sha1:934d23bec79ca58a7c61239d5c4f64d26f8f5cd1
Release notes: https://www.samba.org/samba/history/samba-4.8.5.html
Rebased patches 0001 & 0004.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/samba4: Fix uClibc build on 64bit platforms by including stdint.h2018-08-24T21:04:48+00:00Bernd Kuhlsbernd.kuhls@t-online.de2018-08-18T08:08:01+00:00urn:sha1:734ea21eb31ee67a93f7e6a8d8f56bf2f779a923
Patch needed to be updated for samba-4.8.4
Fixes
http://autobuild.buildroot.net/results/140/1404a594583ff192d70086ef590f924472465c89/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>