Hauke Mehrtens e88e0ace7a ksmbd: Fix ZDI-CAN-18259
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.

Backported from:
8824b7af40
cc4f3b5a6a

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66116381c69439f20159b636573080ba)
2023-01-11 22:10:25 +01:00

74 lines
1.9 KiB
Makefile

include $(TOPDIR)/rules.mk
PKG_NAME:=ksmbd
PKG_VERSION:=3.4.6
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)?
PKG_HASH:=d742992692dbe164060d2a0ea668895ed2b86252f10427db3d3a002df44c445b
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/kernel.mk
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS+= --strip-components 1
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
define KernelPackage/fs-ksmbd
SUBMENU:=Filesystems
TITLE:=SMB kernel server support
URL:=https://github.com/cifsd-team/cifsd
FILES:=$(PKG_BUILD_DIR)/ksmbd.ko
DEPENDS:= \
+kmod-nls-base \
+kmod-nls-utf8 \
+kmod-crypto-md4 \
+kmod-crypto-md5 \
+kmod-crypto-hmac \
+kmod-crypto-ecb \
+kmod-crypto-des \
+kmod-crypto-sha256 \
+kmod-crypto-cmac \
+kmod-crypto-sha512 \
+kmod-crypto-aead \
+kmod-crypto-ccm \
+kmod-crypto-gcm \
+kmod-asn1-decoder \
+kmod-oid-registry
endef
# The last two DEPENDS are hacks in order to get CONFIG_ASN1 and CONFIG_OID_REGISTRY
# which it seems can't be selected independently. Some bug in either base or upstream.
define KernelPackage/fs-ksmbd/description
Ksmbd is an In-kernel SMBv(1)2/3 fileserver.
It's an implementation of the SMB protocol in kernel space for sharing files and IPC services over network.
endef
define KernelPackage/fs-ksmbd/config
config KSMBD_SMB_INSECURE_SERVER
bool "Support for insecure SMB1/CIFS and SMB2.0 protocols"
depends on PACKAGE_kmod-fs-ksmbd
help
This enables deprecated insecure protocols dialects: SMB1/CIFS and SMB2.0.
default y
endef
ifeq ($(CONFIG_KSMBD_SMB_INSECURE_SERVER),y)
PKG_EXTRA_KCONFIG:=CONFIG_SMB_INSECURE_SERVER=y
EXTRA_CFLAGS += -DCONFIG_SMB_INSECURE_SERVER=1
endif
define Build/Compile
$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" \
EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
$(PKG_EXTRA_KCONFIG) \
CONFIG_SMB_SERVER=m \
modules
endef
$(eval $(call KernelPackage,fs-ksmbd))