From 0c8ff5f6e7f479ae45b58694fcadf9c04d3f2741 Mon Sep 17 00:00:00 2001
From: Sean McAvoy <seanmcavoy@gmail.com>
Date: Tue, 1 Feb 2022 20:03:17 -0500
Subject: [PATCH] main/samba: security upgrade 4.13.17 CVE-2016-2124
CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722
CVE-2021-23192 CVE-2021-3738 main/ldb: upgrade to 2.2.3
---
main/ldb/APKBUILD | 11 +++++++---
main/ldb/skip-failing-tests.patch | 35 +++++++++++++++++++++++++++++++
main/samba/APKBUILD | 20 +++++++++++++++---
3 files changed, 60 insertions(+), 6 deletions(-)
create mode 100644 main/ldb/skip-failing-tests.patch
diff --git a/main/ldb/APKBUILD b/main/ldb/APKBUILD
index d3ddbf41e040..6c9b7d472bb5 100644
--- a/main/ldb/APKBUILD
+++ b/main/ldb/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ldb
-pkgver=2.2.1
+pkgver=2.2.3
pkgrel=0
pkgdesc="A schema-less, ldap like, API and database"
url="https://ldb.samba.org/"
@@ -11,6 +11,7 @@ makedepends="libtirpc-dev tevent-dev py3-tevent tdb-dev py3-tdb talloc-dev
subpackages="$pkgname-dev py3-$pkgname:_py3 $pkgname-tools $pkgname-doc"
source="https://www.samba.org/ftp/pub/ldb/ldb-$pkgver.tar.gz
disable-compile-error-test.patch
+ skip-failing-tests.patch
"
# secfixes:
@@ -21,6 +22,7 @@ _waf=buildtools/bin/waf
case "$CARCH" in
ppc64le) options="$options !check" ;;
+ armhf|armv7|x86) export DEB_HOST_ARCH_BITS=32 ;;
esac
build() {
@@ -57,5 +59,8 @@ tools() {
mv "$pkgdir"/usr/lib/ldb/libldb-cmdline.* "$subpkgdir"/usr/lib/ldb/
}
-sha512sums="a2b1598869e3d9f17c5b82fc2b7289f1f08a7378a1d72609af5ed5cc91fb571ac67d3a8c22d64dad5dcc9fe32520baccd5cc37d5b4fc5f1b00a7064902296344 ldb-2.2.1.tar.gz
-ed55d5151bbcaf5c0a1b70a1f44b461a501ad94ce02ee97e3ea10c560ce3656a190510697bbd3c5b6f70a74519bf7c0a91210bcb415ffd97d9440045e10a02e8 disable-compile-error-test.patch"
+sha512sums="
+0fdda9e033cbd04d6b50c76ecf044068353d2abf50c5c9d9c804b8b9e70f6d85bf925ac984a38c2b7a159a384bfc94e5232b05a32cdbc9299dc43930d1b6a985 ldb-2.2.3.tar.gz
+ed55d5151bbcaf5c0a1b70a1f44b461a501ad94ce02ee97e3ea10c560ce3656a190510697bbd3c5b6f70a74519bf7c0a91210bcb415ffd97d9440045e10a02e8 disable-compile-error-test.patch
+08e6a0b075dc40c8d1c9ac12fcf72c0601d3ec128a56915be88336754b876580d52f64e94bf9157e82810a9afe2eb6cdb7be0e999fd88a5e70e70dd71ce1dab5 skip-failing-tests.patch
+"
diff --git a/main/ldb/skip-failing-tests.patch b/main/ldb/skip-failing-tests.patch
new file mode 100644
index 000000000000..0b32f2bd95ed
--- /dev/null
+++ b/main/ldb/skip-failing-tests.patch
@@ -0,0 +1,35 @@
+From 38f5e8e09a7ae641b3669068b10c6bd966e46632 Mon Sep 17 00:00:00 2001
+From: Mathieu Parent <math.parent@gmail.com>
+Date: Thu, 4 Nov 2021 22:46:15 +0100
+Subject: [PATCH] Skip failing tests (on 32-bit architectures)
+
+See https://bugzilla.samba.org/show_bug.cgi?id=14558#c17
+---
+ tests/python/api.py | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tests/python/api.py b/tests/python/api.py
+index 8d154aa..e1de40c 100755
+--- a/tests/python/api.py
++++ b/tests/python/api.py
+@@ -44,6 +44,9 @@ class NoContextTests(TestCase):
+ self.assertEqual("19700101000000.0Z", ldb.timestring(0))
+ self.assertEqual("20071119191012.0Z", ldb.timestring(1195499412))
+
++ if os.environ.get('DEB_HOST_ARCH_BITS', '64') == '32':
++ self.skipTest('Test failing on 32-bit')
++
+ self.assertEqual("00000101000000.0Z", ldb.timestring(-62167219200))
+ self.assertEqual("99991231235959.0Z", ldb.timestring(253402300799))
+
+@@ -62,6 +65,9 @@ class NoContextTests(TestCase):
+ self.assertEqual(0, ldb.string_to_time("19700101000000.0Z"))
+ self.assertEqual(1195499412, ldb.string_to_time("20071119191012.0Z"))
+
++ if os.environ.get('DEB_HOST_ARCH_BITS', '64') == '32':
++ self.skipTest('Test failing on 32-bit')
++
+ self.assertEqual(-62167219200, ldb.string_to_time("00000101000000.0Z"))
+ self.assertEqual(253402300799, ldb.string_to_time("99991231235959.0Z"))
+
+--
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
index 59985ef928b6..e7e956ab01f7 100644
--- a/main/samba/APKBUILD
+++ b/main/samba/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=samba
-pkgver=4.13.8
+pkgver=4.13.17
pkgrel=0
pkgdesc="Tools to access a server's filespace and printers via SMB"
url="https://www.samba.org/"
@@ -95,6 +95,17 @@ source="
pkggroups="winbind"
# secfixes:
+# 4.13.17-r0:
+# - CVE-2016-2124
+# - CVE-2020-25717
+# - CVE-2020-25718
+# - CVE-2020-25719
+# - CVE-2020-25721
+# - CVE-2020-25722
+# - CVE-2021-23192
+# - CVE-2021-3738
+# - CVE-2021-43566
+# - CVE-2021-44142
# 4.13.8-r0:
# - CVE-2021-20254
# 4.13.7-r0:
@@ -546,6 +557,7 @@ libs() {
usr/lib/$pkgname/libcmocka-samba4.so \
usr/lib/$pkgname/libcommon-auth-samba4.so \
usr/lib/$pkgname/libdbwrap-samba4.so \
+ usr/lib/$pkgname/libdcerpc-pkt-auth-samba4.so \
usr/lib/$pkgname/libdcerpc-samba-samba4.so \
usr/lib/$pkgname/libevents-samba4.so \
usr/lib/$pkgname/libflag-mapping-samba4.so \
@@ -606,7 +618,8 @@ libs() {
"$pkgdir"/usr
}
-sha512sums="b8704097b5c20f2d5eb04f41b4519205f1b554215b396e558715a3039aeaece6ad776928c9aa7be84a3bc98994cdfdb0b7e3787c31832eb0e025eb796fe06bae samba-4.13.8.tar.gz
+sha512sums="
+3f47cc588c370510a11a1d5dc1a9f64872d765a2940a0dd39f02718f9a81b134dda9c9cb593f291f2aa1657de65b26458adcda33369c0858e16edf7f088edaf4 samba-4.13.17.tar.gz
58de5e79fdfd06e828d478e112d581d333a8bee88d2602b92204d780f0d707b27dd84f8e2e6b00fca40da81c8fe99aa5bcec70d8b393d3a0a83199c72a4aa48b getpwent_r.patch
b7906d66fe55a980a54161ee3f311b51bcbce76b8d4c8cc1ba6d0c5bdf98232cb192b9d2c1aa7b3e2742f5b9848c6cf429347940eefe66c3e0eda1d5aac1bf93 musl_uintptr.patch
1854577d0e4457e27da367a6c7ec0fb5cfd63cefea0a39181c9d6e78cf8d3eb50878cdddeea3daeec955d00263151c2f86ea754ff4276ef98bc52c0276d9ffe8 netdb-defines.patch
@@ -617,4 +630,5 @@ bc2df70e327fea5dfbd923600225f1448815d842c37d6937dd74eab7f7699d7f52cd7a8e28a61233
c0bbe1186b150a9bb2a0b741a8cfbd7a5109e5fed1eaa07aaa38cf026ebe054d38cc01e2496f0cab7b40f743e1b7ecfbf8a4d5820810226c4152021df65f36dc pidl.patch
96070e2461370437f48571e7de550c13a332fef869480cfe92e7cac73a998f6c2ee85d2580df58211953bebd0e577691aa710c8edddf3ea0f30e9d47d0a2fd44 samba.initd
e2b49cb394e758447ca97de155a61b4276499983a0a5c00b44ae621c5559b759a766f8d1c8d3ee98ad5560f4064a847a7a20cfa2e14f85c061bec8b80fd649eb samba.confd
-3458a4e1f8a8b44c966afb339b2dca51615be049f594c14911fc4d8203623deee416b6fe881436e246fc7d49c97a2b3bf9c5f33ba774302b24190a1103d6b67d samba.logrotate"
+3458a4e1f8a8b44c966afb339b2dca51615be049f594c14911fc4d8203623deee416b6fe881436e246fc7d49c97a2b3bf9c5f33ba774302b24190a1103d6b67d samba.logrotate
+"
--
GitLab