On 12/27/21 11:37 PM, Yi Zhao wrote:
> Upgrade from 4.10.x to 4.14.x to fix CVEs.
>
> The samba 4.10.x is EOL so it can not get the latest CVEs fixes. Previously,
> we backport patches from upstream to fix the CVEs.
> Unfortunately, for some recent CVEs, it is difficult to backport because
> there are more than one hundred patches:
> https://git.samba.org/?p=samba.git&a=search&h=refs%2Fheads%2Fv4-14-stable&st=commit&s=CVE
I do understand the rational. This is not a new situation and can be
applied to all supported branches. The issue is this is a large version
jump which is outside the accepted maintenance guidelines. I do not
intend on applying this series to Hardknott. You do have the option of
including this in a special layer.
BR,
Armin
>
> Upgrading to 4.14.x seems to be a better way.
>
>
> Khem Raj (2):
> libldb: Inherit pkgconfig
> samba: Inherit pkgconfig
>
> Persian Prince (1):
> samba: Don't guess dirs for perllocal.pod removing
>
> Yi Zhao (14):
> libldb: upgrade 1.5.8 -> 2.3.0
> libparse-yapp-perl: add recipe
> samba: upgrade 4.10.18 -> 4.14.4
> samba: update smb.conf
> samba: disable check fcntl RW_HINTS when configure
> samba: upgrade 4.14.4 -> 4.14.5
> samba: fix shebang for pidl
> samba: add missing runtime dependency for pidl
> samba: upgrade 4.14.5 -> 4.14.7
> samba: upgrade 4.14.7 -> 4.14.8
> libldb: upgrade 2.3.0 -> 2.3.2
> samba: upgrade 4.14.8 -> 4.14.10
> samba: add pyldb to rdepends for samba-python3
> samba: update cross-answers files
>
> wangmy (1):
> samba: Solve the dependency problem when installing Samba
>
> zhengruoqin (1):
> samba: upgrade 4.14.10 -> 4.14.11
>
> .../cross-answers-aarch64.txt | 5 +
> .../cross-answers-aarch64_be.txt | 5 +
> .../waf-cross-answers/cross-answers-arm.txt | 5 +
> .../waf-cross-answers/cross-answers-armeb.txt | 5 +
> .../waf-cross-answers/cross-answers-i586.txt | 5 +
> .../waf-cross-answers/cross-answers-i686.txt | 5 +
> .../waf-cross-answers/cross-answers-mips.txt | 5 +
> .../cross-answers-mips64.txt | 5 +
> .../cross-answers-mips64el.txt | 5 +
> .../cross-answers-mipsel.txt | 5 +
> .../cross-answers-powerpc.txt | 5 +
> .../cross-answers-powerpc64.txt | 5 +
> .../cross-answers-powerpc64le.txt | 5 +
> .../cross-answers-riscv32.txt | 5 +
> .../cross-answers-riscv64.txt | 5 +
> .../cross-answers-x86_64.txt | 5 +
> ... 0001-Don-t-check-xsltproc-manpages.patch} | 24 +--
> ...ipt-Avoid-generating-nested-main-fun.patch | 30 ----
> ....c-Avoid-nss-function-conflicts-with.patch | 96 ------------
> ...001-waf-add-support-of-cross_compile.patch | 62 --------
> ...t-target-module-while-cross-compile.patch} | 8 +-
> ...ve-__thread-variable-to-global-scope.patch | 58 -------
> ...-Add-config-option-without-valgrind.patch} | 12 +-
> ...ions-to-configure-the-use-of-libbsd.patch} | 45 +++---
> ...5-samba-build-dnsserver_common-code.patch} | 13 +-
> .../samba/samba/CVE-2020-14318.patch | 142 ------------------
> .../samba/samba/CVE-2020-14383.patch | 112 --------------
> .../samba/samba/glibc_only.patch | 28 ----
> .../samba/samba/iconv-4.7.0.patch | 25 ---
> ... samba-fix-musl-lib-without-innetgr.patch} | 0
> .../recipes-connectivity/samba/samba/smb.conf | 40 ++---
> .../samba/samba/smb_conf-4.7.0.patch | 28 ----
> .../{samba_4.10.18.bb => samba_4.14.11.bb} | 89 ++++++-----
> ...t-target-module-while-cross-compile.patch} | 12 +-
> ...001-waf-add-support-of-cross_compile.patch | 62 --------
> ...-Add-configure-options-for-packages.patch} | 38 ++---
> ...> 0003-avoid-openldap-unless-wanted.patch} | 13 +-
> ...bldb-fix-musl-libc-unkown-type-error.patch | 31 ----
> .../{libldb_1.5.8.bb => libldb_2.3.2.bb} | 14 +-
> .../perl/libparse-yapp-perl_1.21.bb | 21 +++
> 40 files changed, 254 insertions(+), 829 deletions(-)
> rename
> meta-networking/recipes-connectivity/samba/samba/{16-do-not-check-xsltproc-manpages.patch
> => 0001-Don-t-check-xsltproc-manpages.patch} (77%)
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/0001-waf-add-support-of-cross_compile.patch
> rename
> meta-networking/{recipes-support/libldb/libldb/do-not-import-target-module-while-cross-compile.patch
> =>
> recipes-connectivity/samba/samba/0002-do-not-import-target-module-while-cross-compile.patch}
> (94%)
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/0002-util_sec.c-Move-__thread-variable-to-global-scope.patch
> rename
> meta-networking/recipes-connectivity/samba/samba/{21-add-config-option-without-valgrind.patch
> => 0003-Add-config-option-without-valgrind.patch} (88%)
> rename
> meta-networking/recipes-connectivity/samba/samba/{0001-Add-options-to-configure-the-use-of-libbsd.patch
> => 0004-Add-options-to-configure-the-use-of-libbsd.patch} (76%)
> rename
> meta-networking/recipes-connectivity/samba/samba/{dnsserver-4.7.0.patch =>
> 0005-samba-build-dnsserver_common-code.patch} (55%)
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/glibc_only.patch
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/iconv-4.7.0.patch
> rename
> meta-networking/recipes-connectivity/samba/samba/{0001-samba-fix-musl-lib-without-innetgr.patch
> => samba-fix-musl-lib-without-innetgr.patch} (100%)
> delete mode 100644
> meta-networking/recipes-connectivity/samba/samba/smb_conf-4.7.0.patch
> rename meta-networking/recipes-connectivity/samba/{samba_4.10.18.bb =>
> samba_4.14.11.bb} (83%)
> rename
> meta-networking/{recipes-connectivity/samba/samba/20-do-not-import-target-module-while-cross-compile.patch
> =>
> recipes-support/libldb/libldb/0001-do-not-import-target-module-while-cross-compile.patch}
> (90%)
> delete mode 100644
> meta-networking/recipes-support/libldb/libldb/0001-waf-add-support-of-cross_compile.patch
> rename meta-networking/recipes-support/libldb/libldb/{options-1.5.4.patch =>
> 0002-ldb-Add-configure-options-for-packages.patch} (90%)
> rename
> meta-networking/recipes-support/libldb/libldb/{avoid-openldap-unless-wanted.patch
> => 0003-avoid-openldap-unless-wanted.patch} (68%)
> delete mode 100644
> meta-networking/recipes-support/libldb/libldb/libldb-fix-musl-libc-unkown-type-error.patch
> rename meta-networking/recipes-support/libldb/{libldb_1.5.8.bb =>
> libldb_2.3.2.bb} (84%)
> create mode 100644 meta-oe/recipes-devtools/perl/libparse-yapp-perl_1.21.bb
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#94563):
https://lists.openembedded.org/g/openembedded-devel/message/94563
Mute This Topic: https://lists.openembedded.org/mt/87992355/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
