diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-01-09 01:11:14 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2021-01-09 01:12:46 +0300 |
| commit | 72956edabebd4188f98e3b0d9f8ce727e8d13ea3 (patch) | |
| tree | 2948237a0026b455367cc7fd5f64f3fe60f75c53 /meta-openembedded/meta-networking/recipes-connectivity/samba | |
| parent | 015e6aa5df52e64da55eb64ea70ff1a58540d1f6 (diff) | |
| download | openbmc-72956edabebd4188f98e3b0d9f8ce727e8d13ea3.tar.xz | |
meta-openembedded: subtree update:936f2380bb..4599fea881
Alexander Vickberg (1):
mbedtls: upgrade to 2.25.0
Andreas Müller (44):
xfce4-panel-profiles: upgrade 1.0.10 -> 1.0.12
mousepad: upgrade 0.4.2 -> 0.5.2
xfce4-screenshooter: upgrade 1.9.7 -> 1.9.8
xfce4-taskmanager: upgrade 1.2.3 -> 1.4.0
xfce4-calculator-plugin: upgrade 0.7.0 -> 0.7.1
xfce4-cpugraph-plugin: upgrade 1.1.0 -> 1.2.0
xfce4-datetime-plugin: upgrade 0.8.0 -> 0.8.1
xfce4-diskperf-plugin: upgrade 2.6.2 -> 2.6.3
xfce4-fsguard-plugin: upgrade 1.1.1 -> 1.1.2
xfce4-smartbookmark-plugin: upgrade 0.5.1 -> 0.5.2
xfce4-systemload-plugin: upgrade 1.2.3 -> 1.2.4
xfce4-verve-plugin: upgrade 2.0.0 -> 2.0.1
xfce4-wavelan-plugin: upgrade 0.6.1 -> 0.6.2
xfce4-whiskermenu-plugin: upgrade 2.4.6 -> 2.5.1
xfce4-xkb-plugin: upgrade 0.8.1 -> 0.8.2
xfce4-mount-plugin: upgrade 1.1.3 -> 1.1.5
xfce4-dev-tools: upgrade 4.14.0 -> 4.16.0
libxfce4util: upgrade 4.14.0 -> 4.16.0
xfconf: upgrade 4.14.3 -> 4.16.0
libxfce4ui: upgrade 4.14.1 -> 4.16.0
exo: upgrade 0.12.11 -> 4.16.0
garcon: upgrade 0.7.0 -> 0.8.0
xfwm4: upgrade 4.14.5 -> 4.16.0
xfce4-settings: upgrade 4.14.3 -> 4.16.0
xfce4-panel: upgrade 4.14.4 -> 4.16.0
xfce4-session: upgrade 4.14.2 -> 4.16.0
xfdesktop: upgrade 4.14.2 -> 4.16.0
xfce4-power-manager: upgrade 1.6.6 -> 4.16.0
tumbler: upgrade 0.3.1 -> 4.16.0
thunar-volman: upgrade 0.9.5 -> 4.16.0
thunar: upgrade 1.8.15 -> 4.16.0
xfce4-appfinder: upgrade 4.14.0 -> 4.16.0
xfce4-terminal: 0.8.9.2 -> 0.8.10
xfce4-screensaver: upgrade 0.1.10 -> 4.16.0
xfce4-taskmanager: remove exo-native from DEPENDS
xfce4-closebutton-plugin: upgrade 0.1.0+ -> 4.16.0
xfce4-sensors-plugin: upgrade 1.3.92 -> 1.3.95
xfce4-genmon-plugin: upgrade 4.0.2 -> 4.1.0
xfce4-hotcorner-plugin: remove
xfce4-embed-plugin: remove for now
xfce4-equake-plugin: remove for now
xfce4-notes-plugin: remove for now
fluidsynth: upgrade 2.1.5 -> 2.1.6
blueman: upgrade 2.1.3 -> 2.1.4
Bruce Ashfield (1):
vboxguestdrivers: fix build against kernel v5.10+
Caio Toledo (3):
Add recipe for dbus-cxx
Add dbus-cxx to packagegroup-meta-oe
Fix dbus-cxx build for musl
Changqing Li (1):
libssh2: enhance ptest
Chen Qi (1):
tclap: fix branch
Chencheng Zhang (1):
tclap: align version to tag v1.2.2
Diego Santa Cruz (2):
gssdp: Upgrade to 1.2.2 -> 1.2.3
gupnp: Upgrade to 1.2.2 -> 1.2.4
Dmitry Baryshkov (11):
android-tools-conf-configfs: add an alternative to anrdoid-tools-conf
android-tools-conf: fix android-tools build-deps warning
conf/layer.conf: provide default PREFERRED_PROVIDER_android-tools-conf
imlib2: add image manipulation libray from englightenment project
feh: imlib2 based image viewer
obconf: Openbox configuration tool
xterm: install xterm and uxterm desktop files
xterm: update to version 362
xterm: provide virtual/x-terminal-emulator
layer.conf: add gnome-layer dynamic entry
openbox-xdgmenu: Openbox menu generator
He Zhe (2):
ebtables: Add symbol link /sbin/ebtables
lmbench: Fix setting LDLIBS failure
Hongxu Jia (2):
flatbuffers: add python3 support
python3-wrapt: add native support
Joe Slater (1):
multipath-tools: fix error handling for udev_monitor_set_receive_buffer_size
Khem Raj (9):
pidgin-sipe: Do not add native libdir to pkgconfig search path
sdbus-c++-libsystemd: Fix reallocarray check in meson
networkmanager: Fix reallocarray check in meson and configure
redis: Update to 6.0.9
python3-matplotlib: Disable LTO on mips/clang
cyrus-sasl: Disable ntlm plugin by default
postgresql: Use /dev/urandom when openssl is not used
xrdp: Upgrade to 0.9.14
iwd: Upgrade to 1.10
Leon Anavi (33):
python3-stevedore: Upgrade 3.2.2 -> 3.3.0
python3-pychromecast: Upgrade 7.5.1 -> 7.6.0
python3-humanize: Upgrade 3.1.0 -> 3.2.0
python3-fasteners: Upgrade 0.15 -> 0.16
python3-luma-core: Upgrade 2.0.1 -> 2.2.0
python3-chardet: Upgrade 3.0.4 -> 4.0.0
python3-watchdog: Upgrade 0.10.3 -> 1.0.2
python3-natsort: Upgrade 7.0.1 -> 7.1.0
python3-gmqtt: Upgrade 0.6.8 -> 0.6.9
python3-pymongo: Upgrade 3.11.0 -> 3.11.2
python3-requests: Upgrade 2.25.0 -> 2.25.1
python3-nocasedict: Upgrade 1.0.1 -> 1.0.2
python3-soupsieve: Upgrade 2.0.1 -> 2.1
python3-jsonpatch: Upgrade 1.26 -> 1.28
python3-psutil: Upgrade 5.7.3 -> 5.8.0
python3-argcomplete: Upgrade 1.12.1 -> 1.12.2
python3-multidict: Upgrade 5.0.0 -> 5.1.0
python3-nocaselist: Upgrade 1.0.3 -> 1.0.4
python3-prompt-toolkit: Upgrade 3.0.8 -> 3.0.9
python3-pychromecast: Upgrade 7.6.0 -> 7.7.1
python3-txaio: Upgrade 20.4.1 -> 20.12.1
python3-croniter: Upgrade 0.3.36 -> 0.3.37
python3-pandas: Upgrade 1.1.4 -> 1.2.0
python3-sympy: Upgrade 1.6.2 -> 1.7.1
python3-twine: Upgrade 3.2.0 -> 3.3.0
python3-humanfriendly: Upgrade 8.2 -> 9.1
python3-sqlalchemy: Upgrade 1.3.20 -> 1.3.22
python3-transitions: Upgrade 0.8.5 -> 0.8.6
python3-pytest-metadata: Upgrade 1.10.0 -> 1.11.0
python3-smbus2: Upgrade 0.3.0 -> 0.4.0
python3-cantools: Upgrade 35.5.0 -> 36.1.0
python3-sentry-sdk: Upgrade 0.19.1 -> 0.19.5
python3-babel: Upgrade 2.8.0 -> 2.9.0
Mark Jonas (1):
beep: Update to 1.4.9 in new repository
Martin Jansa (1):
linuxconsole: move jscal to separate package, add to packagegroup
Michael Vetter (1):
jasper: upgrade 2.0.23 -> 2.0.24
Mingli Yu (3):
traceroute: change the ALTERNATIVE_PRIORITY
tftp-hpa: change the ALTERNATIVE_PRIORITY
python3-astor: switch to python3
Ola X Nilsson (1):
python3-idna Remove 2.8
Qi.Chen@windriver.com (1):
python3-requests: upgrade to 2.25.0
Ramon Fried (2):
bitwise: add new recipe
yaml-cpp: add new recipe
Roland Hieber (3):
openct: remove lines that resulted in a no-op
openct: clean up do_install
openct: allow building as native package
Sean Nyekjaer (1):
nodejs: 12.19.1 -> 12.20.1
Stacy Gaikovaia (1):
nodejs: 12.19.0 -> 12.19.1
Trevor Woerner (1):
glmark2: fix precision handling bugs
Wang Mingyu (1):
zabbix: CVE-2020-15803 Security Advisory
Wenlin Kang (1):
syslog-ng: add bison-native to dependencies
Yi Zhao (9):
ebtables: do not install /etc/ethertypes
yaffs2-utils: update to latest git rev
f2fs-tools: upgrade 1.13.0 -> 1.14.0
dracut: upgrade 049 -> 051
ebtables: add missing file ebtables.common
ebtables: remove upstream ebtables-legacy-save
ebtables: do not install /etc/ethertypes
tcpdump: add UPSTREAM_CHECK_REGEX
phpmyadmin: 5.0.2 -> 5.0.4
Zang Ruochen (5):
mcpp: Normalize the patch format of CVE
python3-aenum: upgrade 2.2.4 -> 2.2.6
python3-autobahn: upgrade 20.7.1 -> 20.12.3
python3-bandit: upgrade 1.6.2 -> 1.7.0
python3-cachetools: upgrade 4.1.1 -> 4.2.0
Zheng Ruoqin (5):
samba: CVE-2020-14318 Security Advisory
samba: CVE-2020-14383 Security Advisory
php: CVE-2020-7070
php: CVE-2020-7069
poppler: upgrade 20.11.0 -> 20.12.1
changqing.li@windriver.com (3):
postgresql: upgrade 12.4 -> 13.1
nginx: upgrade 1.16.1 -> 1.18.0
nginx: upgrade 1.17.8 -> 1.19.6
jabdoa2 (2):
libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer
libsdl2-mixer: set --disable-music-ogg-shared to link statically
lumag (2):
android-tools: fix package split
android-tools: split adbd to the separate package
zangrc (35):
fuse3: upgrade 3.10.0 -> 3.10.1
openipmi: upgrade 2.0.29 -> 2.0.30
vblade: upgrade 24 -> 25
dumb-init: upgrade 1.2.2 -> 1.2.5
fio: upgrade 3.24 -> 3.25
hwdata: upgrade 0.341 -> 0.342
nano: upgrade 5.3 -> 5.4
ocl-icd: upgrade 2.2.13 -> 2.2.14
ebtables: upgrade 2.0.10-4 -> 2.0.11
iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3
opencl-headers: upgrade 2020.06.16 -> 2020.12.18
opencl-icd-loader: upgrade 2020.06.16 -> 2020.12.18
c-periphery: upgrade 2.2.5 -> 2.3.0
opencl-clhpp: upgrade 2.0.12 -> 2.0.13
uthash: upgrade 2.1.0 -> 2.2.0
libtalloc: upgrade 2.3.0 -> 2.3.1
libtevent: upgrade 0.10.1 -> 0.10.2
ace: upgrade 6.5.10 -> 6.5.12
python3-ldap: upgrade 3.2.0 -> 3.3.1
wolfssl: upgrade 4.5.0 -> 4.6.0
asio: upgrade 1.18.0 -> 1.18.1
dash: upgrade 0.5.11.2 -> 0.5.11.3
geoclue: upgrade 2.5.6 -> 2.5.7
libmicrohttpd: upgrade 0.9.71 -> 0.9.72
nss: upgrade 3.59 -> 3.60
paho-mqtt-c: upgrade 1.3.7 -> 1.3.8
terminus-font: upgrade 4.48 -> 4.49.1
libnet-ldap-perl: upgrade 0.66 -> 0.67
rdma-core: upgrade 32.0 -> 33.0
can-utils: upgrade 2020.11.0 -> 2020.12.0
cpprest: upgrade 2.10.16 -> 2.10.17
haveged: upgrade 1.9.13 -> 1.9.14
live555: upgrade 20201105 -> 20210101
smartmontools: upgrade 7.1 -> 7.2
openjpeg: upgrade 2.3.1 -> 2.4.0
zhengruoqin (12):
pugixml: upgrade 1.11 -> 1.11.2
spdlog: upgrade 1.8.1 -> 1.8.2
spitools: upgrade 0.8.5 -> 0.8.6
uhubctl: upgrade 2.2.0 -> 2.3.0
xserver-xorg-cvt-native: upgrade 1.20.9 -> 1.20.10
zchunk: upgrade 1.1.7 -> 1.1.8
libencode-perl: upgrade 3.07 -> 3.08
bridge-utils: upgrade 1.6 -> 1.7
netplan: upgrade 0.100 -> 0.101
opensaf: upgrade 5.20.08 -> 5.20.11
cppzmq: upgrade 4.7.0 -> 4.7.1
gperftools: upgrade 2.8 -> 2.8.1
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I53939ad487155ca87e27cfd77d65962458d892e0
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-connectivity/samba')
3 files changed, 256 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch new file mode 100644 index 0000000000..ff1225db07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch @@ -0,0 +1,142 @@ +From ccf53dfdcd39f3526dbc2f20e1245674155380ff Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 11:32:44 +0900 +Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test. + +s3: smbd: Ensure change notifies can't get set unless the + directory handle is open for SEC_DIR_LIST. + +CVE-2020-14318 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434 + +Signed-off-by: Jeremy Allison <jra@samba.org> + +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + source3/smbd/notify.c | 8 ++++ + source4/torture/smb2/notify.c | 82 ++++++++++++++++++++++++++++++++++- + 2 files changed, 89 insertions(+), 1 deletion(-) + +diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c +index 44c0b09..d23c03b 100644 +--- a/source3/smbd/notify.c ++++ b/source3/smbd/notify.c +@@ -283,6 +283,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter, + char fullpath[len+1]; + NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED; + ++ /* ++ * Setting a changenotify needs READ/LIST access ++ * on the directory handle. ++ */ ++ if (!(fsp->access_mask & SEC_DIR_LIST)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (fsp->notify != NULL) { + DEBUG(1, ("change_notify_create: fsp->notify != NULL, " + "fname = %s\n", fsp->fsp_name->base_name)); +diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c +index ebb4f8a..a5c9b94 100644 +--- a/source4/torture/smb2/notify.c ++++ b/source4/torture/smb2/notify.c +@@ -2569,6 +2569,83 @@ done: + return ok; + } + ++/* ++ Test asking for a change notify on a handle without permissions. ++*/ ++ ++#define BASEDIR_HPERM BASEDIR "_HPERM" ++ ++static bool torture_smb2_notify_handle_permissions( ++ struct torture_context *torture, ++ struct smb2_tree *tree) ++{ ++ bool ret = true; ++ NTSTATUS status; ++ union smb_notify notify; ++ union smb_open io; ++ struct smb2_handle h1 = {{0}}; ++ struct smb2_request *req; ++ ++ smb2_deltree(tree, BASEDIR_HPERM); ++ smb2_util_rmdir(tree, BASEDIR_HPERM); ++ ++ torture_comment(torture, ++ "TESTING CHANGE NOTIFY " ++ "ON A HANDLE WITHOUT PERMISSIONS\n"); ++ ++ /* ++ get a handle on the directory ++ */ ++ ZERO_STRUCT(io.smb2); ++ io.generic.level = RAW_OPEN_SMB2; ++ io.smb2.in.create_flags = 0; ++ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE; ++ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; ++ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL; ++ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ | ++ NTCREATEX_SHARE_ACCESS_WRITE; ++ io.smb2.in.alloc_size = 0; ++ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE; ++ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS; ++ io.smb2.in.security_flags = 0; ++ io.smb2.in.fname = BASEDIR_HPERM; ++ ++ status = smb2_create(tree, torture, &io.smb2); ++ CHECK_STATUS(status, NT_STATUS_OK); ++ h1 = io.smb2.out.file.handle; ++ ++ /* ask for a change notify, ++ on file or directory name changes */ ++ ZERO_STRUCT(notify.smb2); ++ notify.smb2.level = RAW_NOTIFY_SMB2; ++ notify.smb2.in.buffer_size = 1000; ++ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME; ++ notify.smb2.in.file.handle = h1; ++ notify.smb2.in.recursive = true; ++ ++ req = smb2_notify_send(tree, ¬ify.smb2); ++ torture_assert_goto(torture, ++ req != NULL, ++ ret, ++ done, ++ "smb2_notify_send failed\n"); ++ ++ /* ++ * Cancel it, we don't really want to wait. ++ */ ++ smb2_cancel(req); ++ status = smb2_notify_recv(req, torture, ¬ify.smb2); ++ /* Handle h1 doesn't have permissions for ChangeNotify. */ ++ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); ++ ++done: ++ if (!smb2_util_handle_empty(h1)) { ++ smb2_util_close(tree, h1); ++ } ++ smb2_deltree(tree, BASEDIR_HPERM); ++ return ret; ++} ++ + /* + basic testing of SMB2 change notify + */ +@@ -2602,7 +2679,10 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx) + torture_smb2_notify_rmdir3); + torture_suite_add_2smb2_test(suite, "rmdir4", + torture_smb2_notify_rmdir4); +- ++ torture_suite_add_1smb2_test(suite, ++ "handle-permissions", ++ torture_smb2_notify_handle_permissions); ++ + suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests"); + + return suite; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch new file mode 100644 index 0000000000..3341b80a38 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch @@ -0,0 +1,112 @@ +From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 14:34:31 +0900 +Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with + NULL. do not crash when additional data not found +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Francis Brosnan Blázquez <francis@aspl.es>. +Based on patches from Francis Brosnan Blázquez <francis@aspl.es> +and Jeremy Allison <jra@samba.org> + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472 +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795 + +Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> +Reviewed-by: Jeremy Allison <jra@samba.org> + +Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> +Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184 + +(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379) +(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e + +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + .../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++--------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +index 910de9a1..618c7096 100644 +--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c ++++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + TALLOC_CTX *tmp_ctx; + char *name; + const char * const attrs[] = { "name", "dnsRecord", NULL }; +- struct ldb_result *res; +- struct DNS_RPC_RECORDS_ARRAY *recs; ++ struct ldb_result *res = NULL; ++ struct DNS_RPC_RECORDS_ARRAY *recs = NULL; + char **add_names = NULL; +- char *rname; ++ char *rname = NULL; + const char *preference_name = NULL; + int add_count = 0; + int i, ret, len; + WERROR status; +- struct dns_tree *tree, *base, *node; ++ struct dns_tree *tree = NULL; ++ struct dns_tree *base = NULL; ++ struct dns_tree *node = NULL; + + tmp_ctx = talloc_new(mem_ctx); + W_ERROR_HAVE_NO_MEMORY(tmp_ctx); +@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + } + +- talloc_free(res); +- talloc_free(tree); +- talloc_free(name); ++ TALLOC_FREE(res); ++ TALLOC_FREE(tree); ++ TALLOC_FREE(name); + + /* Add any additional records */ + if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { + for (i=0; i<add_count; i++) { +- struct dnsserver_zone *z2; +- ++ struct dnsserver_zone *z2 = NULL; ++ struct ldb_message *msg = NULL; + /* Search all the available zones for additional name */ + for (z2 = dsstate->zones; z2; z2 = z2->next) { + char *encoded_name; +@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + encoded_name); +- talloc_free(name); ++ TALLOC_FREE(name); + if (ret != LDB_SUCCESS) { + continue; + } + if (res->count == 1) { ++ msg = res->msgs[0]; + break; + } else { +- talloc_free(res); ++ TALLOC_FREE(res); + continue; + } + } +@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, + select_flag, rname, +- res->msgs[0], 0, recs, ++ msg, 0, recs, + NULL, NULL); +- talloc_free(rname); +- talloc_free(res); ++ TALLOC_FREE(rname); ++ TALLOC_FREE(res); + } + } + +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb index b5085c913b..1a982368ec 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb @@ -28,6 +28,8 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ + file://CVE-2020-14318.patch \ + file://CVE-2020-14383.patch \ " SRC_URI_append_libc-musl = " \ file://samba-pam.patch \ |