Browse Source

samba4: add mandatory option per CVE-2018-16853

Since 4.9.3, Samba AD-DC with MIT Kerberos will refuse to build unless
--with-experimental-mit-ad-dc is provided to the configure command.

The mandatory requirement was introduced in response to a report that
a user in a Samba AD domain can crash the KDC when Samba is built in
the non-default MIT Kerberos configuration:
https://www.samba.org/samba/security/CVE-2018-16853.html

This requirement was introduced in Samba commit
c5370a4349.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
lilik-openwrt-22.03
Val Kulkov 6 years ago
parent
commit
d12521c169
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      net/samba4/Makefile

+ 2
- 2
net/samba4/Makefile View File

@ -3,7 +3,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=samba
PKG_VERSION:=4.9.4
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-3.0-only
@ -193,7 +193,7 @@ else
CONFIGURE_ARGS += --without-acl-support
endif
ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
CONFIGURE_ARGS += --enable-gnutls --with-dnsupdate --with-ads --with-ldap
CONFIGURE_ARGS += --enable-gnutls --with-dnsupdate --with-ads --with-ldap --with-experimental-mit-ad-dc
TARGET_CFLAGS := -I$(STAGING_DIR)/usr/include/python2.7 $(TARGET_CFLAGS)
else
CONFIGURE_ARGS += --without-ad-dc --without-json-audit --without-libarchive --disable-python --nopyc --nopyo --disable-gnutls --without-dnsupdate --without-ads --without-ldap


Loading…
Cancel
Save