samba: fix CVE-2023-42669 denial of service

Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-11-30 10:32:35 +0530
committer: Armin Kuster <akuster808@gmail.com> 2023-12-17 15:36:42 -0500
commit: ed41cf1357f13acb0311b5c768558df55bc37128 (patch)
tree: 2286145750d1b71673a72e5c4cadee88663f3ab3
parent: cbf044b8a417a8d7d1d753fc3b8fdadbeb5d7446 (diff)
download: meta-openembedded-ed41cf1357f13acb0311b5c768558df55bc37128.tar.gz
2 files changed, 94 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
new file mode 100644
index 0000000000..0d1cbe5ad4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
@@ -0,0 +1,93 @@
+From 3f62a590b02bf4c888a995017e2575d3b2ec6ac9 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 12 Sep 2023 18:59:44 +1200
+Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
+ default
+The rpcecho server is useful in development and testing, but should never
+have been allowed into production, as it includes the facility to
+do a blocking sleep() in the single-threaded rpc worker.
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Upstream-Status: Backport [https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch]
+CVE: CVE-2023-42669
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
+ lib/param/loadparm.c                                   | 2 +-
+ selftest/target/Samba4.pm                              | 2 +-
+ source3/param/loadparm.c                               | 2 +-
+ source4/rpc_server/wscript_build                       | 3 ++-
+ 5 files changed, 6 insertions(+), 5 deletions(-)
+diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+index 8a217cc..c6642b7 100644
+--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+@@ -6,6 +6,6 @@
+        <para>Specifies which DCE/RPC endpoint servers should be run.</para>
+ </description>
+ 
+-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+ <value type="example">rpcecho</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index 4c3dfff..db4ae5e 100644
+--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
+@@ -2653,7 +2653,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+        lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
+        lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
+ 
+-       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+       lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+        lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
+        lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+        /* the winbind method for domain controllers is for both RODC
+diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
+index a7a6c4c..ffa4b95 100755
+--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
+@@ -773,7 +773,7 @@ sub provision_raw_step1($$)
+        wins support = yes
+        server role = $ctx->{server_role}
+        server services = +echo $services
+-        dcerpc endpoint servers = +winreg +srvsvc
+        dcerpc endpoint servers = +winreg +srvsvc +rpcecho
+        notify:inotify = false
+        ldb:nosync = true
+        ldap server require strong auth = yes
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 0db44e9..b052d42 100644
+--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
+@@ -877,7 +877,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+ 
+        Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
+ 
+-       Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+       Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+ 
+        Globals.tls_enabled = true;
+        Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
+index 510335a..a95e070 100644
+--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
+@@ -36,7 +36,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
+        source='echo/rpc_echo.c',
+        subsystem='dcerpc_server',
+        init_function='dcerpc_server_rpcecho_init',
+-       deps='ndr-standard events'
+        deps='ndr-standard events',
+        enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
+        )
+ 
+ 
+-- 
+2.25.1
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
index d7b5864715..3b8da2b1cb 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
@@ -30,6 +30,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
           file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
           file://CVE-2020-14318.patch \
           file://CVE-2020-14383.patch \
+           file://CVE-2023-42669.patch \
           "
 SRC_URI_append_libc-musl = " \
           file://samba-pam.patch \
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-11-30 10:32:35 +0530
committer	Armin Kuster <akuster808@gmail.com>	2023-12-17 15:36:42 -0500
commit	ed41cf1357f13acb0311b5c768558df55bc37128 (patch)
tree	2286145750d1b71673a72e5c4cadee88663f3ab3
parent	cbf044b8a417a8d7d1d753fc3b8fdadbeb5d7446 (diff)
download	meta-openembedded-ed41cf1357f13acb0311b5c768558df55bc37128.tar.gz

diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch new file mode 100644 index 0000000000..0d1cbe5ad4 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
@@ -0,0 +1,93 @@
		1	From 3f62a590b02bf4c888a995017e2575d3b2ec6ac9 Mon Sep 17 00:00:00 2001
		2	From: Andrew Bartlett <abartlet@samba.org>
		3	Date: Tue, 12 Sep 2023 18:59:44 +1200
		4	Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
		5	default
		6
		7	The rpcecho server is useful in development and testing, but should never
		8	have been allowed into production, as it includes the facility to
		9	do a blocking sleep() in the single-threaded rpc worker.
		10
		11	BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
		12
		13	Signed-off-by: Andrew Bartlett <abartlet@samba.org>
		14
		15	Upstream-Status: Backport [https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch]
		16	CVE: CVE-2023-42669
		17	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		18	---
		19	docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml \| 2 +-
		20	lib/param/loadparm.c \| 2 +-
		21	selftest/target/Samba4.pm \| 2 +-
		22	source3/param/loadparm.c \| 2 +-
		23	source4/rpc_server/wscript_build \| 3 ++-
		24	5 files changed, 6 insertions(+), 5 deletions(-)
		25
		26	diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
		27	index 8a217cc..c6642b7 100644
		28	--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
		29	+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
		30	@@ -6,6 +6,6 @@
		31	<para>Specifies which DCE/RPC endpoint servers should be run.</para>
		32	</description>
		33
		34	-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
		35	+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
		36	<value type="example">rpcecho</value>
		37	</samba:parameter>
		38	diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
		39	index 4c3dfff..db4ae5e 100644
		40	--- a/lib/param/loadparm.c
		41	+++ b/lib/param/loadparm.c
		42	@@ -2653,7 +2653,7 @@ struct loadparm_context loadparm_init(TALLOC_CTX mem_ctx)
		43	lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
		44	lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
		45
		46	- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
		47	+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
		48	lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
		49	lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
		50	/* the winbind method for domain controllers is for both RODC
		51	diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
		52	index a7a6c4c..ffa4b95 100755
		53	--- a/selftest/target/Samba4.pm
		54	+++ b/selftest/target/Samba4.pm
		55	@@ -773,7 +773,7 @@ sub provision_raw_step1($$)
		56	wins support = yes
		57	server role = $ctx->{server_role}
		58	server services = +echo $services
		59	- dcerpc endpoint servers = +winreg +srvsvc
		60	+ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
		61	notify:inotify = false
		62	ldb:nosync = true
		63	ldap server require strong auth = yes
		64	diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
		65	index 0db44e9..b052d42 100644
		66	--- a/source3/param/loadparm.c
		67	+++ b/source3/param/loadparm.c
		68	@@ -877,7 +877,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
		69
		70	Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
		71
		72	- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
		73	+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
		74
		75	Globals.tls_enabled = true;
		76	Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
		77	diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
		78	index 510335a..a95e070 100644
		79	--- a/source4/rpc_server/wscript_build
		80	+++ b/source4/rpc_server/wscript_build
		81	@@ -36,7 +36,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
		82	source='echo/rpc_echo.c',
		83	subsystem='dcerpc_server',
		84	init_function='dcerpc_server_rpcecho_init',
		85	- deps='ndr-standard events'
		86	+ deps='ndr-standard events',
		87	+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
		88	)
		89
		90
		91	--
		92	2.25.1
		93


diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb index d7b5864715..3b8da2b1cb 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
@@ -30,6 +30,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
30	file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \	30	file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
31	file://CVE-2020-14318.patch \	31	file://CVE-2020-14318.patch \
32	file://CVE-2020-14383.patch \	32	file://CVE-2020-14383.patch \
		33	file://CVE-2023-42669.patch \
33	"	34	"
34	SRC_URI_append_libc-musl = " \	35	SRC_URI_append_libc-musl = " \
35	file://samba-pam.patch \	36	file://samba-pam.patch \