For details see: https://www.samba.org/samba/latest_news.html#4.17.0
This "just came my way" and I found the CVEs listed on https://www.samba.org/samba/history/security.html which address "All versions of Samba prior to 4.16.4" or "All versions of Samba" rather long.
The 'glibc_headers' patch is now included.
Sad to say, due to the lack of hardware I can only include the rootfile for x86_64.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/packages/x86_64/samba | 59 ++++++++++++------- lfs/samba | 7 +-- src/patches/samba-4.16.4-glibc-headers.patch | 62 -------------------- 3 files changed, 40 insertions(+), 88 deletions(-) delete mode 100644 src/patches/samba-4.16.4-glibc-headers.patch
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index 66b210a08..2d8f0ae0d 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -154,8 +154,8 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.2 -usr/lib/libndr.so.2.0.0 +usr/lib/libndr.so.3 +usr/lib/libndr.so.3.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 @@ -166,6 +166,7 @@ usr/lib/libsamba-credentials.so.1 usr/lib/libsamba-credentials.so.1.0.0 usr/lib/libsamba-errors.so usr/lib/libsamba-errors.so.1 +usr/lib/libsamba-errors.so.1.0.0 usr/lib/libsamba-hostconfig.so usr/lib/libsamba-hostconfig.so.0 usr/lib/libsamba-hostconfig.so.0.0.1 @@ -282,13 +283,31 @@ usr/lib/python3.10/site-packages/samba/emulate/traffic_packets.py usr/lib/python3.10/site-packages/samba/forest_update.py usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/getopt.py -usr/lib/python3.10/site-packages/samba/gp_cert_auto_enroll_ext.py -usr/lib/python3.10/site-packages/samba/gp_chromium_ext.py -usr/lib/python3.10/site-packages/samba/gp_ext_loader.py -usr/lib/python3.10/site-packages/samba/gp_firefox_ext.py -usr/lib/python3.10/site-packages/samba/gp_firewalld_ext.py -usr/lib/python3.10/site-packages/samba/gp_gnome_settings_ext.py -usr/lib/python3.10/site-packages/samba/gp_msgs_ext.py +usr/lib/python3.10/site-packages/samba/gp +usr/lib/python3.10/site-packages/samba/gp/gp_centrify_crontab_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_centrify_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_cert_auto_enroll_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_chromium_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_ext_loader.py +usr/lib/python3.10/site-packages/samba/gp/gp_firefox_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_firewalld_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_gnome_settings_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_msgs_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_scripts_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_sec_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_smb_conf_ext.py +usr/lib/python3.10/site-packages/samba/gp/gp_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/gpclass.py +usr/lib/python3.10/site-packages/samba/gp/util +usr/lib/python3.10/site-packages/samba/gp/util/logging.py +usr/lib/python3.10/site-packages/samba/gp/vgp_access_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_files_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_issue_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_motd_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_openssh_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_startup_scripts_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_sudoers_ext.py +usr/lib/python3.10/site-packages/samba/gp/vgp_symlink_ext.py #usr/lib/python3.10/site-packages/samba/gp_parse usr/lib/python3.10/site-packages/samba/gp_parse/__init__.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_aas.py @@ -296,11 +315,6 @@ usr/lib/python3.10/site-packages/samba/gp_parse/gp_csv.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_inf.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_ini.py usr/lib/python3.10/site-packages/samba/gp_parse/gp_pol.py -usr/lib/python3.10/site-packages/samba/gp_scripts_ext.py -usr/lib/python3.10/site-packages/samba/gp_sec_ext.py -usr/lib/python3.10/site-packages/samba/gp_smb_conf_ext.py -usr/lib/python3.10/site-packages/samba/gp_sudoers_ext.py -usr/lib/python3.10/site-packages/samba/gpclass.py usr/lib/python3.10/site-packages/samba/gpo.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/graph.py usr/lib/python3.10/site-packages/samba/hostconfig.py @@ -375,12 +389,14 @@ usr/lib/python3.10/site-packages/samba/samba3/libsmb_samba_internal.py usr/lib/python3.10/site-packages/samba/samba3/mdscli.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/param.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/passdb.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/samba/samba3/smbconf.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samba3/smbd.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/samdb.py usr/lib/python3.10/site-packages/samba/schema.py usr/lib/python3.10/site-packages/samba/sd_utils.py usr/lib/python3.10/site-packages/samba/security.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/sites.py +usr/lib/python3.10/site-packages/samba/smbconf.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/subnets.py #usr/lib/python3.10/site-packages/samba/subunit usr/lib/python3.10/site-packages/samba/subunit/__init__.py @@ -407,6 +423,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_dns.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_json.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/samba_dnsupdate.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls.py @@ -498,7 +515,9 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/protected_users_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/raw_testcase.py #usr/lib/python3.10/site-packages/samba/tests/krb5/rfc4120_constants.py #usr/lib/python3.10/site-packages/samba/tests/krb5/rfc4120_pyasn1.py @@ -521,6 +540,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/ldap_upn_sam_account.py #usr/lib/python3.10/site-packages/samba/tests/libsmb.py #usr/lib/python3.10/site-packages/samba/tests/loadparm.py +#usr/lib/python3.10/site-packages/samba/tests/logfiles.py #usr/lib/python3.10/site-packages/samba/tests/lsa_string.py #usr/lib/python3.10/site-packages/samba/tests/messaging.py #usr/lib/python3.10/site-packages/samba/tests/ndr.py @@ -537,6 +557,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/ntlmdisabled.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind_chauthtok.py +#usr/lib/python3.10/site-packages/samba/tests/pam_winbind_setcred.py #usr/lib/python3.10/site-packages/samba/tests/pam_winbind_warn_pwd_expire.py #usr/lib/python3.10/site-packages/samba/tests/param.py #usr/lib/python3.10/site-packages/samba/tests/password_hash.py @@ -606,8 +627,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/sddl.py #usr/lib/python3.10/site-packages/samba/tests/security.py #usr/lib/python3.10/site-packages/samba/tests/segfault.py +#usr/lib/python3.10/site-packages/samba/tests/sid_strings.py #usr/lib/python3.10/site-packages/samba/tests/smb-notify.py #usr/lib/python3.10/site-packages/samba/tests/smb.py +#usr/lib/python3.10/site-packages/samba/tests/smbconf.py #usr/lib/python3.10/site-packages/samba/tests/smbd_base.py #usr/lib/python3.10/site-packages/samba/tests/smbd_fuzztest.py #usr/lib/python3.10/site-packages/samba/tests/source.py @@ -624,14 +647,6 @@ usr/lib/python3.10/site-packages/samba/trust_utils.py usr/lib/python3.10/site-packages/samba/upgrade.py usr/lib/python3.10/site-packages/samba/upgradehelpers.py usr/lib/python3.10/site-packages/samba/uptodateness.py -usr/lib/python3.10/site-packages/samba/vgp_access_ext.py -usr/lib/python3.10/site-packages/samba/vgp_files_ext.py -usr/lib/python3.10/site-packages/samba/vgp_issue_ext.py -usr/lib/python3.10/site-packages/samba/vgp_motd_ext.py -usr/lib/python3.10/site-packages/samba/vgp_openssh_ext.py -usr/lib/python3.10/site-packages/samba/vgp_startup_scripts_ext.py -usr/lib/python3.10/site-packages/samba/vgp_sudoers_ext.py -usr/lib/python3.10/site-packages/samba/vgp_symlink_ext.py usr/lib/python3.10/site-packages/samba/werror.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/xattr.py usr/lib/python3.10/site-packages/samba/xattr_native.cpython-310-x86_64-linux-gnu.so diff --git a/lfs/samba b/lfs/samba index 67ebebc2f..f743bfa30 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@
include Config
-VER = 4.16.4 +VER = 4.17.0 SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 87 +PAK_VER = 88
DEPS = avahi cups libtirpc perl-Parse-Yapp perl-JSON
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e685511a76770272cabd1292f36d2b005e2d21212e4782cdf4fd05039f7667b35501873cffa9a53547d523805b2a91ffeba0881aaee905304968c42efef22dfa +$(DL_FILE)_BLAKE2 = d05b17748092bc151b0b627156b1da4a8b30b603569adcef376640745425321617a755add41315af0b38876344323a20185063e131c342c9b6fdcb9542be73f1
install : $(TARGET)
@@ -80,7 +80,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba-4.16.4-glibc-headers.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/usr/lib/ \ diff --git a/src/patches/samba-4.16.4-glibc-headers.patch b/src/patches/samba-4.16.4-glibc-headers.patch deleted file mode 100644 index 8c75a4172..000000000 --- a/src/patches/samba-4.16.4-glibc-headers.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 766151bf5b7ef95ae4c8c98b8994e5c21c5bbec0 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider asn@samba.org -Date: Tue, 2 Aug 2022 07:55:46 +0200 -Subject: [PATCH] lib:replace: Only include <sys/mount.h> on non-Linux systems -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -Details at: -https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3... - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132 - -Signed-off-by: Andreas Schneider asn@samba.org -Reviewed-by: Ralph Boehme slow@samba.org - -Autobuild-User(master): Ralph Böhme slow@samba.org -Autobuild-Date(master): Tue Aug 2 11:05:14 UTC 2022 on sn-devel-184 ---- - lib/replace/system/filesys.h | 4 +++- - lib/replace/wscript | 3 +++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h -index 034e5d5886c..bb9482c69af 100644 ---- a/lib/replace/system/filesys.h -+++ b/lib/replace/system/filesys.h -@@ -36,7 +36,8 @@ - #include <sys/param.h> - #endif - --#ifdef HAVE_SYS_MOUNT_H -+/* This include is required on UNIX (*BSD, AIX, ...) for statfs() */ -+#if !defined(LINUX) && defined(HAVE_SYS_MOUNT_H) - #include <sys/mount.h> - #endif - -@@ -44,6 +45,7 @@ - #include <mntent.h> - #endif - -+/* This include is required on Linux for statfs() */ - #ifdef HAVE_SYS_VFS_H - #include <sys/vfs.h> - #endif -diff --git a/lib/replace/wscript b/lib/replace/wscript -index 4c774d9f0c3..dd9b19219a1 100644 ---- a/lib/replace/wscript -+++ b/lib/replace/wscript -@@ -31,6 +31,9 @@ def configure(conf): - - conf.env.standalone_replace = conf.IN_LAUNCH_DIR() - -+ if sys.platform.rfind('linux') > -1: -+ conf.DEFINE('LINUX', '1') -+ - conf.DEFINE('BOOL_DEFINED', 1) - conf.DEFINE('HAVE_LIBREPLACE', 1) - conf.DEFINE('LIBREPLACE_NETWORK_CHECKS', 1) --- -2.30.2 -