https://www.samba.org/samba/history/samba-4.22.2.html
Removed upstreamed:
101-do-not-check-xsltproc-manpages.patch
105-perl-json-pp.patch
Removed due to build failure:
104-samba-4.12-unbundle-icu.patch
Added:
104-fix-build-on-aarch64-and-risc.patch[1]
Makefile:
Removed section on --accel-aes due to upstream dropping support
Added line to correct fcntl check in cross-answers.txt
1. For aarch64 and risc64, the discard_const macro is used to remove
const qualifiers from string literals, but casting a string literal’s
address to uintptr_t and then to void * is not a constant expression in
some compilers or environments e.g. the musl libc and aarch64/risc64
combination seems to enforce stricter rules for constant initializers
or pointer/integer size handling compared to glibc-based systems.
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch
* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
This resolves errors logged during macOS TimeMachine backups.
https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* update to 4.12.3
* update/remove patches
* disable netbios port 139 on 'DISABLE_NETBIOS' option or missing 'nmbd'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* update to 4.9.16
* cherry-pick some musl alpine/openembedded patches
* cleanup/remove AD-DC/Winbind options and related code
* build the compile_et via samba4/host
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* revert to 4.9.x series (4.10 needs too many unofficial patches and has weird waf bugs)
* cleanup patches
* enable AD_DC build option again
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
