[SCM] Samba Shared Repository - branch v4-6-test updated

Karolin Seeger kseeger at samba.org
Mon Jul 3 13:16:03 UTC 2017


The branch, v4-6-test has been updated
       via  cb6771c ldb: protect Samba < 4.7 against incompatible ldb versions and require ldb < 1.2.0
       via  85dbd4d wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
       via  a971f23 s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
      from  eb587fb selftest: Also wait for winbindd to start

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -----------------------------------------------------------------
commit cb6771c88a2284d1bbc99e1b2ef0e40717882ffa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 30 06:24:01 2017 +0200

    ldb: protect Samba < 4.7 against incompatible ldb versions and require ldb < 1.2.0
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(v4-6-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-6-test): Mon Jul  3 15:15:14 CEST 2017 on sn-devel-144

commit 85dbd4dc6e8c00a8f3f3912fac86278d80a868da
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 30 06:21:32 2017 +0200

    wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 4ca48ee4d060f773dcdf9f78a5e4c1b1263b61f4)

commit a971f23c05e849d4930ce470b12c8f5ea3172390
Author: Michael Saxl <mike at mwsys.mine.bz>
Date:   Sat Jun 24 13:41:48 2017 +0200

    s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
    
    If the keytab file isn't readable, we may call
    krb5_kt_end_seq_get() with an invalid kt_cursor.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Michael Saxl <mike at mwsys.mine.bz>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit a9780a2eaa9cba4ab87cc3371d97fa494fa0198c)

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafsamba/samba_bundled.py | 21 +++++++++++++++++++--
 lib/ldb/wscript                      | 19 +++++++++++++++++--
 source3/librpc/crypto/gse_krb5.c     |  8 ++++++++
 3 files changed, 44 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py
index ea88807..aa6199e 100644
--- a/buildtools/wafsamba/samba_bundled.py
+++ b/buildtools/wafsamba/samba_bundled.py
@@ -110,6 +110,7 @@ def LIB_MUST_BE_PRIVATE(conf, libname):
 
 @conf
 def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
+        maxversion=None, version_blacklist=[],
         onlyif=None, implied_deps=None, pkg=None):
     '''check if a library is available as a system library.
 
@@ -117,12 +118,15 @@ def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
     '''
     return conf.CHECK_BUNDLED_SYSTEM(libname,
                                      minversion=minversion,
+                                     maxversion=maxversion,
+                                     version_blacklist=version_blacklist,
                                      onlyif=onlyif,
                                      implied_deps=implied_deps,
                                      pkg=pkg)
 
 @conf
 def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
+                         maxversion=None, version_blacklist=[],
                          checkfunctions=None, headers=None, checkcode=None,
                          onlyif=None, implied_deps=None,
                          require_headers=True, pkg=None, set_target=True):
@@ -181,16 +185,29 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
     minversion = minimum_library_version(conf, libname, minversion)
 
     msg = 'Checking for system %s' % libname
+    msg_ver = []
     if minversion != '0.0.0':
-        msg += ' >= %s' % minversion
+        msg_ver.append('>=%s' % minversion)
+    if maxversion is not None:
+        msg_ver.append('<=%s' % maxversion)
+    for v in version_blacklist:
+        msg_ver.append('!=%s' % v)
+    if msg_ver != []:
+        msg += " (%s)" % (" ".join(msg_ver))
 
     uselib_store=libname.upper()
     if pkg is None:
         pkg = libname
 
+    version_checks = '%s >= %s' % (pkg, minversion)
+    if maxversion is not None:
+        version_checks += ' %s <= %s' % (pkg, maxversion)
+    for v in version_blacklist:
+        version_checks += ' %s != %s' % (pkg, v)
+
     # try pkgconfig first
     if (conf.CHECK_CFG(package=pkg,
-                      args='"%s >= %s" --cflags --libs' % (pkg, minversion),
+                      args='"%s" --cflags --libs' % (version_checks),
                       msg=msg, uselib_store=uselib_store) and
         check_functions_headers_code()):
         if set_target:
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 7f05db3..dd68d66 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -55,11 +55,26 @@ def configure(conf):
     conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
 
     if not conf.env.standalone_ldb:
-        if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
+        #
+        # ldb >= 1.2.0 (as well as 1.1.30 and 1.1.31) are
+        # incompatible with Samba < 4.7
+        #
+        # See https://bugzilla.samba.org/show_bug.cgi?id=12859
+        #
+        maxversion = "1.1.99"
+        version_blacklist = ["1.1.30", "1.1.31"]
+
+        if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
+                                     minversion=VERSION,
+                                     maxversion=maxversion,
+                                     version_blacklist=version_blacklist,
                                      onlyif='talloc tdb tevent',
                                      implied_deps='replace talloc tdb tevent ldb'):
             conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+                                         minversion=VERSION,
+                                         maxversion=maxversion,
+                                         version_blacklist=version_blacklist,
                                          onlyif='talloc tdb tevent pyldb-util',
                                          implied_deps='replace talloc tdb tevent'):
                 conf.define('USING_SYSTEM_LDB', 1)
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 703d1b4..4dd39ea 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -437,6 +437,14 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
 	if (ret) {
 		DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n",
 			  error_message(ret)));
+		/*
+		 * krb5_kt_start_seq_get() may leaves bogus data
+		 * in kt_cursor. And we want to use the all_zero()
+		 * logic below.
+		 *
+		 * See bug #10490
+		 */
+		ZERO_STRUCT(kt_cursor);
 		goto out;
 	}
 


-- 
Samba Shared Repository



More information about the samba-cvs mailing list