Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: sa...@packages.debian.org, pkg-samba-ma...@lists.alioth.debian.org Control: affects -1 + src:samba
Please unblock package samba [ Reason ] This is an easy one. There's a single patch from upstream applied to -2 debian release of samba package. Its only purpose is to rename a single internal-to-samba function which also exists in named. The prob is that when samba DLZ pluging is loaded into named, named crashes with high probability. There are 2 bug reports open about this, with high severity: #1036587, #927747. It's been too long, upstream identified this issue quite some time too, but the fix were fogotten. Now we have a chance to have working DNS with samba and the only real supported nameserver. [ Impact ] If the unblock isn't granted, we'll have non-working DNS with named as we had before. It is probably not a huge deal since it was broken for a very long time, but it is definitely worth to fix. Either way this fix will be in next upstream stable/bugfix release, and I'll push it to stable-proposed-updates, - so it is not exactly necessary to unblock this release. [ Tests ] This release passes usual samba testsuite (run locally). [ Risks ] I don't expect any breakage here since the whole thing is a global search-n-replace of one internally used symbol to another, and I verified there's no other usages of this symbol left. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock samba/2:4.17.8+dfsg-2 diff -Nru samba-4.17.8+dfsg/debian/changelog samba-4.17.8+dfsg/debian/changelog --- samba-4.17.8+dfsg/debian/changelog 2023-05-11 10:52:40.000000000 +0300 +++ samba-4.17.8+dfsg/debian/changelog 2023-05-24 22:54:43.000000000 +0300 @@ -1,3 +1,16 @@ +samba (2:4.17.8+dfsg-2) unstable; urgency=medium + + * dnsserver-rename-dns_name_equal.patch + (forgotten) patch from upstream targetting next stable + Fixes crashes of named with samba DLZ plugin due to + symbol name conflict (dns_name_equal() function). + There's no resulting code changes, just a symbol + rename. + https://bugzilla.samba.org/show_bug.cgi?id=14030 + Closes: #1036587, #927747 + + -- Michael Tokarev <m...@tls.msk.ru> Wed, 24 May 2023 22:54:43 +0300 + samba (2:4.17.8+dfsg-1) unstable; urgency=medium * upstream stable/security/bugfix release, fixing the following issues: diff -Nru samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch --- samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 1970-01-01 03:00:00.000000000 +0300 +++ samba-4.17.8+dfsg/debian/patches/dnsserver-rename-dns_name_equal.patch 2023-05-24 22:54:43.000000000 +0300 @@ -0,0 +1,255 @@ +Commit-Id: fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7 +From: Samuel Cabrero <scabr...@samba.org> +Date: Wed, 18 Jan 2023 17:25:29 +0100 +Subject: s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal() +Bug-Debian: https://bugs.debian.org/1036587 +Bug-Debian: https://bugs.debian.org/927747 +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14030 + +This function already exists in bind9 but takes different arguments, so when +the DLZ is loaded and this function is called bind crashes: + + named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0 + named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0 + named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar + named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace + +Backtrace: + + #0 0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6 + #1 0x00007f2716c42816 in raise () from /lib64/libc.so.6 + #2 0x00007f2716c2b81c in abort () from /lib64/libc.so.6 + #3 0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>, + type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237 + #4 0x00007f27176388fc in isc_assertion_failed (file=file@entry=0x7f27173b0df6 "name.c", + line=line@entry=664, type=type@entry=isc_assertiontype_require, + cond=cond@entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))") + at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48 + #5 0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>) + at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664 + + **** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() **** + + #6 0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10) + at ../../source4/dns_server/dnsserver_common.c:1346 + #7 0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10) + at ../../source4/dns_server/dlz_bind9.c:1830 + #8 0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa", + rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.", + dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077 + #9 0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa", + rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>) + at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483 + #10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0, + version=0x7f26f8044b20, rdataset=0x7f2706ff8830, + mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>) + at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107 + #11 0x00007f2717251855 in diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740, + ver=ver@entry=0x7f26f8044b20, warn=warn@entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370 + #12 0x00007f2717251c8a in dns_diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740, + ver=ver@entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465 + #13 0x00007f2717d105aa in do_one_tuple (tuple=tuple@entry=0x7f2706ff8e50, db=db@entry=0x7f2704291740, + ver=ver@entry=0x7f26f8044b20, diff=diff@entry=0x7f2706ff9400) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454 + #14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>, + name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505 + #15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427 + #16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00, + type=<optimized out>, covers=<optimized out>, + rr_action=rr_action@entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736 + #17 0x00007f2717d10e76 in delete_if (predicate=predicate@entry=0x7f2717d0fb10 <true_p>, + db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>, + covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454 + #18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>) + at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299 + #19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00) + at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823 + #20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904 + #21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000) + at netmgr/netmgr.c:840 + #22 process_netievent (worker=worker@entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918 + #23 0x00007f271762d197 in process_queue (worker=worker@entry=0x7f2716236560, + type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011 + #24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765 + #25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794 + #26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>) + at src/unix/async.c:163 + #27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>) + at src/unix/epoll.c:374 + #28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570) + at src/unix/udp.c:122 + #29 uv_run (loop=loop@entry=0x7f2716236570, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:406 + #30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696 + #31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70) + at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189 + #32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6 + #33 0x00007f2716d19344 in clone () from /lib64/libc.so.6 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030 + +Signed-off-by: Samuel Cabrero <scabr...@samba.org> +Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + +Autobuild-User(master): Samuel Cabrero <scabr...@samba.org> +Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224 +--- + source4/dns_server/dns_crypto.c | 2 +- + source4/dns_server/dns_update.c | 4 ++-- + source4/dns_server/dnsserver_common.c | 21 +++++++++++++-------- + source4/dns_server/dnsserver_common.h | 2 +- + source4/rpc_server/dnsserver/dnsutils.c | 2 +- + source4/torture/dns/dlz_bind9.c | 8 ++++---- + 6 files changed, 22 insertions(+), 17 deletions(-) + +diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c +index 6d2b8648757..b38eb8b13bb 100644 +--- a/source4/dns_server/dns_crypto.c ++++ b/source4/dns_server/dns_crypto.c +@@ -81,7 +81,7 @@ struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store, + if (tmp_key == NULL) { + continue; + } +- if (dns_name_equal(name, tmp_key->name)) { ++ if (samba_dns_name_equal(name, tmp_key->name)) { + tkey = tmp_key; + break; + } +diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c +index 2d5f353671e..7b87dc6c6e3 100644 +--- a/source4/dns_server/dns_update.c ++++ b/source4/dns_server/dns_update.c +@@ -593,7 +593,7 @@ static WERROR handle_one_update(struct dns_server *dns, + * work out if the node as a whole needs tombstoning. + */ + if (update->rr_type == DNS_QTYPE_ALL) { +- if (dns_name_equal(update->name, zone->name)) { ++ if (samba_dns_name_equal(update->name, zone->name)) { + for (i = first; i < rcount; i++) { + + if (recs[i].wType == DNS_TYPE_SOA) { +@@ -617,7 +617,7 @@ static WERROR handle_one_update(struct dns_server *dns, + } + } + +- } else if (dns_name_equal(update->name, zone->name)) { ++ } else if (samba_dns_name_equal(update->name, zone->name)) { + + if (update->rr_type == DNS_QTYPE_SOA) { + return WERR_OK; +diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c +index 03f76d4a871..0481b0715c7 100644 +--- a/source4/dns_server/dnsserver_common.c ++++ b/source4/dns_server/dnsserver_common.c +@@ -1331,7 +1331,8 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1, + return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0; + } + case DNS_TYPE_CNAME: +- return dns_name_equal(rec1->data.cname, rec2->data.cname); ++ return samba_dns_name_equal(rec1->data.cname, ++ rec2->data.cname); + case DNS_TYPE_TXT: + if (rec1->data.txt.count != rec2->data.txt.count) { + return false; +@@ -1343,23 +1344,27 @@ bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1, + } + return true; + case DNS_TYPE_PTR: +- return dns_name_equal(rec1->data.ptr, rec2->data.ptr); ++ return samba_dns_name_equal(rec1->data.ptr, rec2->data.ptr); + case DNS_TYPE_NS: +- return dns_name_equal(rec1->data.ns, rec2->data.ns); ++ return samba_dns_name_equal(rec1->data.ns, rec2->data.ns); + + case DNS_TYPE_SRV: + return rec1->data.srv.wPriority == rec2->data.srv.wPriority && + rec1->data.srv.wWeight == rec2->data.srv.wWeight && + rec1->data.srv.wPort == rec2->data.srv.wPort && +- dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget); ++ samba_dns_name_equal(rec1->data.srv.nameTarget, ++ rec2->data.srv.nameTarget); + + case DNS_TYPE_MX: + return rec1->data.mx.wPriority == rec2->data.mx.wPriority && +- dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget); ++ samba_dns_name_equal(rec1->data.mx.nameTarget, ++ rec2->data.mx.nameTarget); + + case DNS_TYPE_SOA: +- return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) && +- dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) && ++ return samba_dns_name_equal(rec1->data.soa.mname, ++ rec2->data.soa.mname) && ++ samba_dns_name_equal(rec1->data.soa.rname, ++ rec2->data.soa.rname) && + rec1->data.soa.serial == rec2->data.soa.serial && + rec1->data.soa.refresh == rec2->data.soa.refresh && + rec1->data.soa.retry == rec2->data.soa.retry && +@@ -1485,7 +1490,7 @@ exit: + /* + see if two DNS names are the same + */ +-bool dns_name_equal(const char *name1, const char *name2) ++bool samba_dns_name_equal(const char *name1, const char *name2) + { + size_t len1 = strlen(name1); + size_t len2 = strlen(name2); +diff --git a/source4/dns_server/dnsserver_common.h b/source4/dns_server/dnsserver_common.h +index c3ba369e3bf..a0c1065ae58 100644 +--- a/source4/dns_server/dnsserver_common.h ++++ b/source4/dns_server/dnsserver_common.h +@@ -76,7 +76,7 @@ WERROR dns_common_name2dn(struct ldb_context *samdb, + TALLOC_CTX *mem_ctx, + const char *name, + struct ldb_dn **_dn); +-bool dns_name_equal(const char *name1, const char *name2); ++bool samba_dns_name_equal(const char *name1, const char *name2); + + bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1, + struct dnsp_DnssrvRpcRecord *rec2); +diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c +index 56b2690aa95..2c56946b0f6 100644 +--- a/source4/rpc_server/dnsserver/dnsutils.c ++++ b/source4/rpc_server/dnsserver/dnsutils.c +@@ -311,7 +311,7 @@ struct dnsserver_zone *dnsserver_find_zone(struct dnsserver_zone *zones, const c + struct dnsserver_zone *z = NULL; + + for (z = zones; z; z = z->next) { +- if (dns_name_equal(zone_name, z->name)) { ++ if (samba_dns_name_equal(zone_name, z->name)) { + break; + } + } +diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c +index 1f330106a98..f15671e370c 100644 +--- a/source4/torture/dns/dlz_bind9.c ++++ b/source4/torture/dns/dlz_bind9.c +@@ -414,18 +414,18 @@ static bool dlz_bind9_putnamedrr_torture_hook(struct test_expected_rr *expected, + } else if (strcmp(type, "cname") == 0 || + strcmp(type, "ptr") == 0 || + strcmp(type, "ns") == 0) { +- if (! dns_name_equal(data, data2)) { ++ if (!samba_dns_name_equal(data, data2)) { + continue; + } + } else if (strcmp(type, "mx") == 0) { + /* +- * dns_name_equal works for MX records because +- * the space in "10 example.com." is ++ * samba_dns_name_equal works for MX records ++ * because the space in "10 example.com." is + * theoretically OK as a DNS character. And we + * need it because dlz will add the trailing + * dot. + */ +- if (! dns_name_equal(data, data2)) { ++ if (!samba_dns_name_equal(data, data2)) { + continue; + } + } else if (strcmp(data, data2) != 0) { +-- +2.39.2 + diff -Nru samba-4.17.8+dfsg/debian/patches/series samba-4.17.8+dfsg/debian/patches/series --- samba-4.17.8+dfsg/debian/patches/series 2023-05-11 10:47:39.000000000 +0300 +++ samba-4.17.8+dfsg/debian/patches/series 2023-05-24 22:53:18.000000000 +0300 @@ -23,3 +23,4 @@ meaningful-error-if-no-samba-ad-provision.patch meaningful-error-if-no-python3-markdown.patch ctdb-use-run-instead-of-var-run.patch +dnsserver-rename-dns_name_equal.patch
