| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
| |
Update to the latest stable version in 4.18 series, for details, see
https://www.samba.org/samba/history/samba-4.18.7.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes various security issues. For detailed history see:
* https://www.samba.org/samba/history/samba-4.18.6.html
* https://www.samba.org/samba/history/samba-4.18.5.html
* https://www.samba.org/samba/history/samba-4.18.4.html
* https://www.samba.org/samba/history/samba-4.18.3.html
* https://www.samba.org/samba/history/samba-4.18.2.html
* https://www.samba.org/samba/history/samba-4.18.1.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
| |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
See commit da370098 "treewide: add support for "gc-sections" in
PKG_BUILD_FLAGS" on the main repository.
Note: This only touches packages which use all three parts
(-ffunction-sections, -fdata-sections and -Wl,--gc-sections) enabled by
this build flag. Some packages only use a subset, and these are left
unchanged for now.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
| |
Samba release history: https://www.samba.org/samba/history/samba-4.18.0.html
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch
* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
This resolves errors logged during macOS TimeMachine backups.
https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
update samba to 4.17.2
* CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
* CVE-2022-3592: A malicious client can use a symlink to escape the exported
directory.
https://www.samba.org/samba/security/CVE-2022-3592.html
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
|
|
| |
* update to 4.17.1
* changelog: https://www.samba.org/samba/history/samba-4.17.1
* refresh patch
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Adding perlbase-json-pp to samba4-libs dependencies was the wrong approach and caused
samba packages not to be offered by menuconfig. AFAIK perlbase-json-pp is a perl helper
to building samba4 and seems to be already included in perl/host so use that instead to
fix the menuconfig issues.
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
| |
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
| |
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
| |
* update waf-cross-answers for 4.14.x
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
|
| |
* update to 4.14.14
* fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
drop maintainership:
* samba4
* ksmbd-tools
* perl-parse-yapp
* libtirpc
* softethervpn5
* wsdd2
* rpcsvc-proto
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
Required for sifiveu target.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
|
|
|
|
|
|
|
| |
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
| |
|
|
|
|
| |
Needed for QoriQ target
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
* update to 4.14.12
* fixes: CVE-2021-44142, CVE-2022-0336
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* update to 4.14.11
* fix AD_DC build
* add vfs_widelinks to defaults
* refresh patches
* fixes: #16697, #17692
* fixes: CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* update to 4.14.7
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
| |
but keep it selected by default as before
so it could be selected if nmbd and/or wssd2
should be used
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
|
| |
|
|
|
|
| |
even if a fqdn (with domain) is set by user
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
|
| |
|
|
|
|
| |
to allow graceful stop of the daemon
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
|
| |
|
|
|
|
|
| |
* update to 4.14.5
* refresh patches
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* update to 4.13.9
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* update to 4.13.8
* remove faulty io_uring kernel detection
* fixes CVE's: CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2021-20254
* resolves #15512
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
|
| |
|
|
|
|
| |
* update to 4.13.4
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* add proper io_uring kernel detection
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* update to 4.13.3
* enable vfs io_uring module by default, if kernel supports it
* fix for possible exploit openwrt/packages#13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
* remove old aio modules/deps
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
| |
* update to 4.13.2
* remove outdated option "write cache size"
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
| |
Note:
Fixes CVE-2020-1472 in case smb.conf
contains 'server schannel = no' or 'server schannel = auto'
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
|
|
|
| |
* update to 4.12.6
* fix optional modules not included on module build (vfs_btrfs, vfs_linux_xfs_sgid)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
* update to 4.12.5
* fixes CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
* add fix-musl_missing__nss_buflen_passwd.patch
* remove fixed tirpc include
* add extra CONFIGURE_VARS (XSLTPROC=false, WAF_NO_PREFORK=1)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* add new UCI option "enable_extra_tuning"
* update template
* add config examples for options
* fix some access warnings on samba /var dirs
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* fix python3 host paths, ensure we use build hostpkg tools
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* update waf-cross-answers for 4.12.x
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* add unbundle libunwind, icu patches
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
| |
* update to 4.12.3
* update/remove patches
* disable netbios port 139 on 'DISABLE_NETBIOS' option or missing 'nmbd'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes #11417
The fix was implemented in commit 710700c and was later removed in
commit c50c583.
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
|
| |
|
|
|
|
|
| |
* update to 4.11.6
* add new UCI option "allow_legacy_protocols" to section [samba]
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
| |
* use old workaround for broken unbundle pam patch
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* update to 4.11.4 (python3 version)
* re-enable AD-DC option
* add 'samba_nice' UCI option via "config procd 'extra'"
* restructure buildsteps (don't rely on waf --targets logic)
* move quota option into VFS
* move ACL option into AC-DC
* add more admin-tools
* use rpath_install for libs
* fix rpath + rstrip
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
| |
* fix openwrt/packages#10700
* add suffix to asn1_compile, compile_et to avoid krb5 conflicts
* bundle samba's com_err
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* update to 4.9.16
* cherry-pick some musl alpine/openembedded patches
* cleanup/remove AD-DC/Winbind options and related code
* build the compile_et via samba4/host
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
| |
* add UCI option 'disable_async_io'
* remove [homes] options
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
|
| |
* update to 4.9.15
* fixes CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
* update smb.conf.template (aio, sendfile)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|