Date: Wed Sep 10 13:39:09 2003 Author: ab Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv3495
Modified Files: Tag: SAMBA_3_0 configure.in Log Message: Now that CAN-2003-0689 is published officially, we need to make possible to build on systems with fixed getgrouplist() in GNU libc < 2.3.2. Unfortunately, we can't detect correctness of getgrouplist() functioning in portable way so this is left up to developer/packager. This patch adds --with-good-getgrouplist[=no] switch to configure which packagers on Linux platforms could use to specify in their own builds if they now that glibc on their platform is fixed w.r.t CAN-2003-0689. By default we still think that glibc is vulnerable and perform our version check. ** This patch does not change default behaviour in Samba 3.0 -- by default we are not vulnerable on glibc as we are not using getgrouplist() See http://www.securityfocus.com/bid/8477 for vulnerability description. Right now there are following Linux vendors released glibc updates for CAN-2003-0689: RedHat -- https://rhn.redhat.com/errata/RHSA-2003-249.html ALTLinux -- http://www.altlinux.com/index.php?module=sisyphus&package=glibc Revisions: configure.in 1.300.2.163 => 1.300.2.164 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.300.2.163&r2=1.300.2.164