Message ID | 20211228073806.868759-1-yi.zhao@windriver.com |
---|---|
Headers | show |
Series | samba: upgrade 4.10.18 -> 4.14.11 | expand |
On 12/27/21 11:37 PM, Yi Zhao wrote: > Upgrade from 4.10.x to 4.14.x to fix CVEs. > > The samba 4.10.x is EOL so it can not get the latest CVEs fixes. Previously, we backport patches from upstream to fix the CVEs. > Unfortunately, for some recent CVEs, it is difficult to backport because there are more than one hundred patches: > https://git.samba.org/?p=samba.git&a=search&h=refs%2Fheads%2Fv4-14-stable&st=commit&s=CVE I do understand the rational. This is not a new situation and can be applied to all supported branches. The issue is this is a large version jump which is outside the accepted maintenance guidelines. I do not intend on applying this series to Hardknott. You do have the option of including this in a special layer. BR, Armin > > Upgrading to 4.14.x seems to be a better way. > > > Khem Raj (2): > libldb: Inherit pkgconfig > samba: Inherit pkgconfig > > Persian Prince (1): > samba: Don't guess dirs for perllocal.pod removing > > Yi Zhao (14): > libldb: upgrade 1.5.8 -> 2.3.0 > libparse-yapp-perl: add recipe > samba: upgrade 4.10.18 -> 4.14.4 > samba: update smb.conf > samba: disable check fcntl RW_HINTS when configure > samba: upgrade 4.14.4 -> 4.14.5 > samba: fix shebang for pidl > samba: add missing runtime dependency for pidl > samba: upgrade 4.14.5 -> 4.14.7 > samba: upgrade 4.14.7 -> 4.14.8 > libldb: upgrade 2.3.0 -> 2.3.2 > samba: upgrade 4.14.8 -> 4.14.10 > samba: add pyldb to rdepends for samba-python3 > samba: update cross-answers files > > wangmy (1): > samba: Solve the dependency problem when installing Samba > > zhengruoqin (1): > samba: upgrade 4.14.10 -> 4.14.11 > > .../cross-answers-aarch64.txt | 5 + > .../cross-answers-aarch64_be.txt | 5 + > .../waf-cross-answers/cross-answers-arm.txt | 5 + > .../waf-cross-answers/cross-answers-armeb.txt | 5 + > .../waf-cross-answers/cross-answers-i586.txt | 5 + > .../waf-cross-answers/cross-answers-i686.txt | 5 + > .../waf-cross-answers/cross-answers-mips.txt | 5 + > .../cross-answers-mips64.txt | 5 + > .../cross-answers-mips64el.txt | 5 + > .../cross-answers-mipsel.txt | 5 + > .../cross-answers-powerpc.txt | 5 + > .../cross-answers-powerpc64.txt | 5 + > .../cross-answers-powerpc64le.txt | 5 + > .../cross-answers-riscv32.txt | 5 + > .../cross-answers-riscv64.txt | 5 + > .../cross-answers-x86_64.txt | 5 + > ... 0001-Don-t-check-xsltproc-manpages.patch} | 24 +-- > ...ipt-Avoid-generating-nested-main-fun.patch | 30 ---- > ....c-Avoid-nss-function-conflicts-with.patch | 96 ------------ > ...001-waf-add-support-of-cross_compile.patch | 62 -------- > ...t-target-module-while-cross-compile.patch} | 8 +- > ...ve-__thread-variable-to-global-scope.patch | 58 ------- > ...-Add-config-option-without-valgrind.patch} | 12 +- > ...ions-to-configure-the-use-of-libbsd.patch} | 45 +++--- > ...5-samba-build-dnsserver_common-code.patch} | 13 +- > .../samba/samba/CVE-2020-14318.patch | 142 ------------------ > .../samba/samba/CVE-2020-14383.patch | 112 -------------- > .../samba/samba/glibc_only.patch | 28 ---- > .../samba/samba/iconv-4.7.0.patch | 25 --- > ... samba-fix-musl-lib-without-innetgr.patch} | 0 > .../recipes-connectivity/samba/samba/smb.conf | 40 ++--- > .../samba/samba/smb_conf-4.7.0.patch | 28 ---- > .../{samba_4.10.18.bb => samba_4.14.11.bb} | 89 ++++++----- > ...t-target-module-while-cross-compile.patch} | 12 +- > ...001-waf-add-support-of-cross_compile.patch | 62 -------- > ...-Add-configure-options-for-packages.patch} | 38 ++--- > ...> 0003-avoid-openldap-unless-wanted.patch} | 13 +- > ...bldb-fix-musl-libc-unkown-type-error.patch | 31 ---- > .../{libldb_1.5.8.bb => libldb_2.3.2.bb} | 14 +- > .../perl/libparse-yapp-perl_1.21.bb | 21 +++ > 40 files changed, 254 insertions(+), 829 deletions(-) > rename meta-networking/recipes-connectivity/samba/samba/{16-do-not-check-xsltproc-manpages.patch => 0001-Don-t-check-xsltproc-manpages.patch} (77%) > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/0001-waf-add-support-of-cross_compile.patch > rename meta-networking/{recipes-support/libldb/libldb/do-not-import-target-module-while-cross-compile.patch => recipes-connectivity/samba/samba/0002-do-not-import-target-module-while-cross-compile.patch} (94%) > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/0002-util_sec.c-Move-__thread-variable-to-global-scope.patch > rename meta-networking/recipes-connectivity/samba/samba/{21-add-config-option-without-valgrind.patch => 0003-Add-config-option-without-valgrind.patch} (88%) > rename meta-networking/recipes-connectivity/samba/samba/{0001-Add-options-to-configure-the-use-of-libbsd.patch => 0004-Add-options-to-configure-the-use-of-libbsd.patch} (76%) > rename meta-networking/recipes-connectivity/samba/samba/{dnsserver-4.7.0.patch => 0005-samba-build-dnsserver_common-code.patch} (55%) > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/glibc_only.patch > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/iconv-4.7.0.patch > rename meta-networking/recipes-connectivity/samba/samba/{0001-samba-fix-musl-lib-without-innetgr.patch => samba-fix-musl-lib-without-innetgr.patch} (100%) > delete mode 100644 meta-networking/recipes-connectivity/samba/samba/smb_conf-4.7.0.patch > rename meta-networking/recipes-connectivity/samba/{samba_4.10.18.bb => samba_4.14.11.bb} (83%) > rename meta-networking/{recipes-connectivity/samba/samba/20-do-not-import-target-module-while-cross-compile.patch => recipes-support/libldb/libldb/0001-do-not-import-target-module-while-cross-compile.patch} (90%) > delete mode 100644 meta-networking/recipes-support/libldb/libldb/0001-waf-add-support-of-cross_compile.patch > rename meta-networking/recipes-support/libldb/libldb/{options-1.5.4.patch => 0002-ldb-Add-configure-options-for-packages.patch} (90%) > rename meta-networking/recipes-support/libldb/libldb/{avoid-openldap-unless-wanted.patch => 0003-avoid-openldap-unless-wanted.patch} (68%) > delete mode 100644 meta-networking/recipes-support/libldb/libldb/libldb-fix-musl-libc-unkown-type-error.patch > rename meta-networking/recipes-support/libldb/{libldb_1.5.8.bb => libldb_2.3.2.bb} (84%) > create mode 100644 meta-oe/recipes-devtools/perl/libparse-yapp-perl_1.21.bb >