diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-11-30 10:32:35 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-12-17 15:36:42 -0500 |
commit | ed41cf1357f13acb0311b5c768558df55bc37128 (patch) | |
tree | 2286145750d1b71673a72e5c4cadee88663f3ab3 | |
parent | cbf044b8a417a8d7d1d753fc3b8fdadbeb5d7446 (diff) | |
download | meta-openembedded-ed41cf1357f13acb0311b5c768558df55bc37128.tar.gz |
samba: fix CVE-2023-42669 denial of service
Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch | 93 | ||||
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba_4.10.18.bb | 1 |
2 files changed, 94 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch new file mode 100644 index 000000000..0d1cbe5ad --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | From 3f62a590b02bf4c888a995017e2575d3b2ec6ac9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrew Bartlett <abartlet@samba.org> | ||
3 | Date: Tue, 12 Sep 2023 18:59:44 +1200 | ||
4 | Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by | ||
5 | default | ||
6 | |||
7 | The rpcecho server is useful in development and testing, but should never | ||
8 | have been allowed into production, as it includes the facility to | ||
9 | do a blocking sleep() in the single-threaded rpc worker. | ||
10 | |||
11 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 | ||
12 | |||
13 | Signed-off-by: Andrew Bartlett <abartlet@samba.org> | ||
14 | |||
15 | Upstream-Status: Backport [https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch] | ||
16 | CVE: CVE-2023-42669 | ||
17 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
18 | --- | ||
19 | docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +- | ||
20 | lib/param/loadparm.c | 2 +- | ||
21 | selftest/target/Samba4.pm | 2 +- | ||
22 | source3/param/loadparm.c | 2 +- | ||
23 | source4/rpc_server/wscript_build | 3 ++- | ||
24 | 5 files changed, 6 insertions(+), 5 deletions(-) | ||
25 | |||
26 | diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | ||
27 | index 8a217cc..c6642b7 100644 | ||
28 | --- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | ||
29 | +++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | ||
30 | @@ -6,6 +6,6 @@ | ||
31 | <para>Specifies which DCE/RPC endpoint servers should be run.</para> | ||
32 | </description> | ||
33 | |||
34 | -<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value> | ||
35 | +<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value> | ||
36 | <value type="example">rpcecho</value> | ||
37 | </samba:parameter> | ||
38 | diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c | ||
39 | index 4c3dfff..db4ae5e 100644 | ||
40 | --- a/lib/param/loadparm.c | ||
41 | +++ b/lib/param/loadparm.c | ||
42 | @@ -2653,7 +2653,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) | ||
43 | lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default"); | ||
44 | lpcfg_do_global_parameter(lp_ctx, "max connections", "0"); | ||
45 | |||
46 | - lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); | ||
47 | + lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver"); | ||
48 | lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns"); | ||
49 | lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true"); | ||
50 | /* the winbind method for domain controllers is for both RODC | ||
51 | diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm | ||
52 | index a7a6c4c..ffa4b95 100755 | ||
53 | --- a/selftest/target/Samba4.pm | ||
54 | +++ b/selftest/target/Samba4.pm | ||
55 | @@ -773,7 +773,7 @@ sub provision_raw_step1($$) | ||
56 | wins support = yes | ||
57 | server role = $ctx->{server_role} | ||
58 | server services = +echo $services | ||
59 | - dcerpc endpoint servers = +winreg +srvsvc | ||
60 | + dcerpc endpoint servers = +winreg +srvsvc +rpcecho | ||
61 | notify:inotify = false | ||
62 | ldb:nosync = true | ||
63 | ldap server require strong auth = yes | ||
64 | diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c | ||
65 | index 0db44e9..b052d42 100644 | ||
66 | --- a/source3/param/loadparm.c | ||
67 | +++ b/source3/param/loadparm.c | ||
68 | @@ -877,7 +877,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) | ||
69 | |||
70 | Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL); | ||
71 | |||
72 | - Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); | ||
73 | + Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL); | ||
74 | |||
75 | Globals.tls_enabled = true; | ||
76 | Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE; | ||
77 | diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build | ||
78 | index 510335a..a95e070 100644 | ||
79 | --- a/source4/rpc_server/wscript_build | ||
80 | +++ b/source4/rpc_server/wscript_build | ||
81 | @@ -36,7 +36,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho', | ||
82 | source='echo/rpc_echo.c', | ||
83 | subsystem='dcerpc_server', | ||
84 | init_function='dcerpc_server_rpcecho_init', | ||
85 | - deps='ndr-standard events' | ||
86 | + deps='ndr-standard events', | ||
87 | + enabled=bld.CONFIG_GET('ENABLE_SELFTEST') | ||
88 | ) | ||
89 | |||
90 | |||
91 | -- | ||
92 | 2.25.1 | ||
93 | |||
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb index d7b586471..3b8da2b1c 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb | |||
@@ -30,6 +30,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ | |||
30 | file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ | 30 | file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ |
31 | file://CVE-2020-14318.patch \ | 31 | file://CVE-2020-14318.patch \ |
32 | file://CVE-2020-14383.patch \ | 32 | file://CVE-2020-14383.patch \ |
33 | file://CVE-2023-42669.patch \ | ||
33 | " | 34 | " |
34 | SRC_URI_append_libc-musl = " \ | 35 | SRC_URI_append_libc-musl = " \ |
35 | file://samba-pam.patch \ | 36 | file://samba-pam.patch \ |