samba: 4.20.8 -> 4.22.3
https://www.samba.org/samba/history/samba-4.21.0.html https://www.samba.org/samba/history/samba-4.21.1.html https://www.samba.org/samba/history/samba-4.21.2.html https://www.samba.org/samba/history/samba-4.21.3.html https://www.samba.org/samba/history/samba-4.21.4.html https://www.samba.org/samba/history/samba-4.21.5.html https://www.samba.org/samba/history/samba-4.22.0.html https://www.samba.org/samba/history/samba-4.22.1.html https://www.samba.org/samba/history/samba-4.22.2.html https://www.samba.org/samba/history/samba-4.22.3.html Fixes: CVE-2025-0620
This commit is contained in:
parent
e8da829059
commit
9ef8e5d463
@ -1,6 +1,8 @@
|
||||
--- a/ctdb/wscript 2019-01-15 02:07:00.000000000 -0800
|
||||
+++ b/ctdb/wscript 2019-01-20 20:21:08.800187459 -0800
|
||||
@@ -814,7 +814,7 @@
|
||||
diff --git a/ctdb/wscript b/ctdb/wscript
|
||||
index e9cd89436a3..893b9a4c59e 100644
|
||||
--- a/ctdb/wscript
|
||||
+++ b/ctdb/wscript
|
||||
@@ -862,7 +862,7 @@ def build(bld):
|
||||
for t in etc_subdirs:
|
||||
files = SUBDIR_MODE('%s/%s' % (configdir, t), trim_path=configdir)
|
||||
for fmode in files:
|
||||
@ -9,7 +11,7 @@
|
||||
destname=fmode[0], chmod=fmode[1])
|
||||
|
||||
# If this is a direct install and there are no event scripts
|
||||
@@ -852,24 +852,20 @@
|
||||
@@ -901,17 +901,13 @@ def build(bld):
|
||||
]
|
||||
|
||||
for t in etc_scripts:
|
||||
@ -17,16 +19,8 @@
|
||||
+ bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}', 'config/%s' % t,
|
||||
destname=t, chmod=MODE_755)
|
||||
|
||||
bld.SAMBA_GENERATOR('ctdb-sudoers',
|
||||
source='config/ctdb.sudoers',
|
||||
target='ctdb.sudoers',
|
||||
rule='sed %s ${SRC} > ${TGT}' % (sed_cmdline))
|
||||
- bld.INSTALL_FILES('${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers',
|
||||
+ bld.INSTALL_FILES('${EXEC_PREFIX}${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers',
|
||||
destname='ctdb')
|
||||
|
||||
- bld.INSTALL_FILES('${CTDB_ETCDIR}/events/notification',
|
||||
+ bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}/events/notification',
|
||||
+ bld.INSTALL_FILES('${EXEC_PREFIX}$${CTDB_ETCDIR}/events/notification',
|
||||
'config/notification.README',
|
||||
destname='README')
|
||||
|
||||
|
@ -26,11 +26,11 @@
|
||||
talloc,
|
||||
jansson,
|
||||
ldb,
|
||||
lmdb,
|
||||
libtasn1,
|
||||
tdb,
|
||||
tevent,
|
||||
libxcrypt,
|
||||
libxcrypt-legacy,
|
||||
cmocka,
|
||||
rpcsvc-proto,
|
||||
bash,
|
||||
@ -49,7 +49,6 @@
|
||||
avahi,
|
||||
enableDomainController ? false,
|
||||
gpgme,
|
||||
lmdb,
|
||||
enableRegedit ? true,
|
||||
ncurses,
|
||||
enableCephFS ? false,
|
||||
@ -66,15 +65,6 @@
|
||||
}:
|
||||
|
||||
let
|
||||
# samba-tool requires libxcrypt-legacy algorithms
|
||||
python = python3Packages.python.override {
|
||||
self = python;
|
||||
libxcrypt = libxcrypt-legacy;
|
||||
};
|
||||
wrapPython = python3Packages.wrapPython.override {
|
||||
inherit python;
|
||||
};
|
||||
|
||||
inherit (lib) optional optionals;
|
||||
|
||||
needsAnswers =
|
||||
@ -89,11 +79,11 @@ let
|
||||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "samba";
|
||||
version = "4.20.8";
|
||||
version = "4.22.3";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.samba.org/pub/samba/stable/samba-${finalAttrs.version}.tar.gz";
|
||||
hash = "sha256-db4OjTH0UBPpsmD+fPMEo20tgSg5GRR3JXchXsFzqAc=";
|
||||
hash = "sha256-j9cJJimjWW2TXNdWfZNJeflCcpGOw6/9DMgHk07PIro=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
@ -104,7 +94,6 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
patches = [
|
||||
./4.x-no-persistent-install.patch
|
||||
./patch-source3__libads__kerberos_keytab.c.patch
|
||||
./4.x-no-persistent-install-dynconfig.patch
|
||||
./4.x-fix-makeflags-parsing.patch
|
||||
./build-find-pre-built-heimdal-build-tools-in-case-of-.patch
|
||||
@ -123,6 +112,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
nativeBuildInputs = [
|
||||
python3Packages.python
|
||||
python3Packages.wrapPython
|
||||
wafHook
|
||||
pkg-config
|
||||
bison
|
||||
@ -148,8 +138,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
|
||||
buildInputs = [
|
||||
bash
|
||||
wrapPython
|
||||
python
|
||||
python3Packages.python
|
||||
readline
|
||||
popt
|
||||
dbus
|
||||
@ -158,6 +147,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
zlib
|
||||
gnutls
|
||||
libtasn1
|
||||
lmdb
|
||||
tdb
|
||||
libxcrypt
|
||||
]
|
||||
@ -182,7 +172,6 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
++ optional enableMDNS avahi
|
||||
++ optionals enableDomainController [
|
||||
gpgme
|
||||
lmdb
|
||||
python3Packages.dnspython
|
||||
]
|
||||
++ optional enableRegedit ncurses
|
||||
@ -230,7 +219,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
"--disable-rpath"
|
||||
# otherwise third_party/waf/waflib/Tools/python.py would
|
||||
# get the wrong pythondir from build platform python
|
||||
"--pythondir=${placeholder "out"}/${python.sitePackages}"
|
||||
"--pythondir=${placeholder "out"}/${python3Packages.python.sitePackages}"
|
||||
(lib.enableFeature enablePrinting "cups")
|
||||
]
|
||||
++ optional (!enableDomainController) "--without-ad-dc"
|
||||
@ -245,7 +234,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
++ optional enableProfiling "--with-profiling-data"
|
||||
++ optional (!enableAcl) "--without-acl-support"
|
||||
++ optional (!enablePam) "--without-pam"
|
||||
++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) ([
|
||||
++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
|
||||
"--bundled-libraries=!asn1_compile,!compile_et"
|
||||
"--cross-compile"
|
||||
(
|
||||
@ -254,7 +243,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
else
|
||||
"--cross-answers=answers"
|
||||
)
|
||||
])
|
||||
]
|
||||
++ optionals stdenv.buildPlatform.is32bit [
|
||||
# By default `waf configure` spawns as many as available CPUs. On
|
||||
# 32-bit systems with many CPUs (like `i686` chroot on `x86_64`
|
||||
@ -321,7 +310,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
# Samba does its own shebang patching, but uses build Python
|
||||
find $out/bin -type f -executable | while read file; do
|
||||
isScript "$file" || continue
|
||||
sed -i 's^${lib.getBin buildPackages.python3Packages.python}^${lib.getBin python}^' "$file"
|
||||
sed -i 's^${lib.getBin buildPackages.python3Packages.python}^${lib.getBin python3Packages.python}^' "$file"
|
||||
done
|
||||
'';
|
||||
|
||||
@ -349,17 +338,12 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
broken = enableGlusterFS;
|
||||
maintainers = with maintainers; [ aneeshusa ];
|
||||
pkgConfigModules = [
|
||||
"dcerpc_samr"
|
||||
"dcerpc"
|
||||
"ndr_krb5pac"
|
||||
"ndr_nbt"
|
||||
"ndr_standard"
|
||||
"ndr"
|
||||
"netapi"
|
||||
"samba-credentials"
|
||||
"samba-hostconfig"
|
||||
"samba-util"
|
||||
"samdb"
|
||||
"smbclient"
|
||||
"wbclient"
|
||||
];
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 48f7e6d66e2850088b8922024641173776222242 Mon Sep 17 00:00:00 2001
|
||||
From 475ec75a34002aafabc92659f693cf705c96aff4 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Cao <nickcao@nichi.co>
|
||||
Date: Thu, 21 Nov 2024 15:30:00 -0500
|
||||
Subject: [PATCH] build: find pre-built heimdal build tools in case of embedded
|
||||
@ -35,18 +35,19 @@ Signed-off-by: Uri Simchoni <uri@samba.org>
|
||||
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
||||
[Bachp: rebased for version 4.15.0]
|
||||
[Mats: rebased for version 4.18.5]
|
||||
[hexa: rebased for version 4.22.3]
|
||||
---
|
||||
wscript_configure_embedded_heimdal | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/wscript_configure_embedded_heimdal b/wscript_configure_embedded_heimdal
|
||||
index 45f47721de..6c5a4bcf01 100644
|
||||
index c1488e5506e..ede28ba7fc3 100644
|
||||
--- a/wscript_configure_embedded_heimdal
|
||||
+++ b/wscript_configure_embedded_heimdal
|
||||
@@ -13,3 +13,14 @@ conf.RECURSE('third_party/heimdal_build')
|
||||
# when this will be available also in
|
||||
# system libraries...
|
||||
@@ -15,3 +15,14 @@ conf.RECURSE('third_party/heimdal_build')
|
||||
conf.define('HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG', 1)
|
||||
|
||||
conf.define('HAVE_KRB5_INIT_CREDS_STEP', 1)
|
||||
+
|
||||
+def check_system_heimdal_binary(name):
|
||||
+ if conf.LIB_MAY_BE_BUNDLED(name):
|
||||
@ -59,5 +60,4 @@ index 45f47721de..6c5a4bcf01 100644
|
||||
+check_system_heimdal_binary("compile_et")
|
||||
+check_system_heimdal_binary("asn1_compile")
|
||||
--
|
||||
2.47.0
|
||||
|
||||
2.50.1
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- old/source3/libads/kerberos_keytab.c 2017-12-23 14:23:53.247467000 +0100
|
||||
+++ new/source3/libads/kerberos_keytab.c 2017-12-23 18:57:07.135340000 +0100
|
||||
@@ -32,8 +32,6 @@
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
|
||||
-#ifdef HAVE_ADS
|
||||
-
|
||||
/* This MAX_NAME_LEN is a constant defined in krb5.h */
|
||||
#ifndef MAX_KEYTAB_NAME_LEN
|
||||
#define MAX_KEYTAB_NAME_LEN 1100
|
||||
@@ -85,6 +83,8 @@
|
||||
return ret;
|
||||
}
|
||||
|
||||
+#ifdef HAVE_ADS
|
||||
+
|
||||
/**********************************************************************
|
||||
Adds a single service principal, i.e. 'host' to the system keytab
|
||||
***********************************************************************/
|
Loading…
x
Reference in New Issue
Block a user