9ef8e5d463
https://www.samba.org/samba/history/samba-4.21.0.html https://www.samba.org/samba/history/samba-4.21.1.html https://www.samba.org/samba/history/samba-4.21.2.html https://www.samba.org/samba/history/samba-4.21.3.html https://www.samba.org/samba/history/samba-4.21.4.html https://www.samba.org/samba/history/samba-4.21.5.html https://www.samba.org/samba/history/samba-4.22.0.html https://www.samba.org/samba/history/samba-4.22.1.html https://www.samba.org/samba/history/samba-4.22.2.html https://www.samba.org/samba/history/samba-4.22.3.html Fixes: CVE-2025-0620
64 lines
2.6 KiB
Diff
64 lines
2.6 KiB
Diff
From 475ec75a34002aafabc92659f693cf705c96aff4 Mon Sep 17 00:00:00 2001
|
|
From: Nick Cao <nickcao@nichi.co>
|
|
Date: Thu, 21 Nov 2024 15:30:00 -0500
|
|
Subject: [PATCH] build: find pre-built heimdal build tools in case of embedded
|
|
heimdal
|
|
|
|
This patch fixes the case of finding asn1_compile and compile_et for
|
|
building embedded heimdal, by setting
|
|
--bundled-libraries='!asn1_compile,!compile_et' as configure flags.
|
|
|
|
The Heimdal build tools compile_et and asn1_compile are needed *only*
|
|
if we use the embedded heimdal (otherwise we don't build heimdal and
|
|
use headers that have been generated by those tools elsewhere).
|
|
|
|
For cross-compilation with embedded heimdal, it is vital to use host build
|
|
tools, and so asn1_compile and compile_et must be supplied and not
|
|
built. One way of doing this would be to set the COMPILE_ET and
|
|
ASN1_COMPILE env vars to the location of supplied binaries. Another way,
|
|
which is more commonly used, is to exclude asn1_compile and compile_et
|
|
from bundled packages via the switch
|
|
-bundled-libraries='!asn1_compile,!compile_et'. When this is done,
|
|
the build script searches the path for those tools and sets the
|
|
ASN1_COMPILE and COMPILE_ET vars accordingly. (this is admittedly
|
|
kind of a round-about way of doing things but this has become the
|
|
de-facto standard amongst embedded distro builders).
|
|
|
|
In commit 8061983d4882f3ba3f12da71443b035d7b672eec, this process of
|
|
finding the binaris has been moved to be carried out only in the
|
|
system heimdal case. As explained above, we only need these tools,
|
|
and hence the check, in bundled mode.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14164
|
|
|
|
Signed-off-by: Uri Simchoni <uri@samba.org>
|
|
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
|
[Bachp: rebased for version 4.15.0]
|
|
[Mats: rebased for version 4.18.5]
|
|
[hexa: rebased for version 4.22.3]
|
|
---
|
|
wscript_configure_embedded_heimdal | 11 +++++++++++
|
|
1 file changed, 11 insertions(+)
|
|
|
|
diff --git a/wscript_configure_embedded_heimdal b/wscript_configure_embedded_heimdal
|
|
index c1488e5506e..ede28ba7fc3 100644
|
|
--- a/wscript_configure_embedded_heimdal
|
|
+++ b/wscript_configure_embedded_heimdal
|
|
@@ -15,3 +15,14 @@ conf.RECURSE('third_party/heimdal_build')
|
|
conf.define('HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG', 1)
|
|
|
|
conf.define('HAVE_KRB5_INIT_CREDS_STEP', 1)
|
|
+
|
|
+def check_system_heimdal_binary(name):
|
|
+ if conf.LIB_MAY_BE_BUNDLED(name):
|
|
+ return False
|
|
+ if not conf.find_program(name, var=name.upper()):
|
|
+ return False
|
|
+ conf.define('USING_SYSTEM_%s' % name.upper(), 1)
|
|
+ return True
|
|
+
|
|
+check_system_heimdal_binary("compile_et")
|
|
+check_system_heimdal_binary("asn1_compile")
|
|
--
|
|
2.50.1
|