[Bug 273595] net/samba413: back port security patches from 4.6.11

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 06 Sep 2023 10:55:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273595

            Bug ID: 273595
           Summary: net/samba413: back port security patches from 4.6.11
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: timur@FreeBSD.org
          Reporter: michael.osipov@siemens.com
             Flags: maintainer-feedback?(timur@FreeBSD.org)
          Assignee: timur@FreeBSD.org

Created attachment 244676
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=244676&action=edit
Git-formatted patch

pkg-audit nags me about:
https://vuxml.freebsd.org/freebsd/441e1e1a-27a5-11ee-a156-080027f5fec9.html
I tried to produce a reasonable patch for 4.13.x for the time being. Started
from https://www.samba.org/samba/history/#4.18.5 using 4.16.11 as a foundation
based on: https://www.samba.org/samba/history/samba-4.16.11.html.

Cloned the repo and checked out v4-16-stable, search for all commits with those
CVEs:
# git log --oneline "--grep=CVE-2022-2127" "--grep=CVE-2023-3347"
"--grep=CVE-2023-34966" "--grep=CVE-2023-34967" "--grep=CVE-2023-34968"
1809843614b CVE-2023-34968: mdssvc: return a fake share path
cecd415a0ab CVE-2023-34968: mdscli: return share relative paths
d6b9c5234ff CVE-2023-34968: mdssvc: introduce an allocating wrapper to
sl_pack()
0fdfc85f28a CVE-2023-34968: mdssvc: switch to doing an early return
34f9f1b37ec CVE-2023-34968: mdssvc: remove response blob allocation
739f72a0703 CVE-2023-34968: rpcclient: remove response blob allocation
7bbaa191be6 CVE-2023-34968: smbtorture: remove response blob allocation in
mdssvc.c
82cc2a422db CVE-2023-34968: mdscli: remove response blob allocation
3636b54616e CVE-2023-34968: mdscli: use correct TALLOC memory context when
allocating spotlight_blob
8c95f7ae6b3 CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key
in slrpc_fetch_properties()
b09e22cfc79 CVE-2023-34968: mdssvc: cache and reuse stat info in struct
sl_inode_path_map
843ec381de3 CVE-2023-34968: lib: Move subdir_of() to source3/lib/util_path.c
5b4353cc60b CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
92d014bc44b CVE-2023-34967: CI: add a test for type checking of
dalloc_value_for_key()
cb6f3e22024 CVE-2023-34966: mdssvc: harden sl_unpack_loop()
01cf3cf7a83 CVE-2023-34966: CI: test for sl_unpack_loop()
2eabbe31f64 CVE-2022-2127: ntlm_auth: cap lanman response length value
5c6fe5a491b CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
1dd3ae281b9 CVE-2022-2127: s3:winbind: Move big NTLMv2 blob checks to parent
process

Then branched off v-4-13-stable and started to cherry pick from 1dd3ae281b9 to
1809843614b. There were a few conflicts I had to resolve. Looking at the code
in 4.16.x and 4.13.x I hopefully made the right decisions to pick hunks and
produced a series of patches with "git format-patch". Attached you will find a
Git-formatted patch with the necessary changes in the Makefile as will as the
back-ported security fixes in EXTRA_PATCHES.

Please try to reproduce the patches and check whether I have resolved the
conflicts correctly.

Poudriere pending...

-- 
You are receiving this mail because:
You are the assignee for the bug.